Windows Analysis Report
cJ6xbAA5Rn.exe

Overview

General Information

Sample name: cJ6xbAA5Rn.exe (renamed because original name is a hash value)
Original sample name: fc194128c1f7b9b1e338464b0861606b.exe
Analysis ID: 1570255
MD5: fc194128c1f7b9b1e338464b0861606b
SHA1: acc1b8c717bb69c669e87b00dee4b9a58702ac44
SHA256: 32c196083c0fd09ff8abf4a8984c9b651360d9df9b002e206d07418f01819d58
Tags: exe, user-abuse_ch

Detection

Score: 68
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
AI detected suspicious sample
Connects to a pastebin service (likely for C&C)
Found pyInstaller with non standard icon
Potentially malicious time measurement code found
Uses known network protocols on non-standard ports
Binary contains a suspicious time stamp
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
May check the online IP address of the machine
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
PE file does not import any functions
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • cJ6xbAA5Rn.exe (PID: 1316 cmdline: "C:\Users\user\Desktop\cJ6xbAA5Rn.exe" MD5: FC194128C1F7B9B1E338464B0861606B)
    • cJ6xbAA5Rn.exe (PID: 6328 cmdline: "C:\Users\user\Desktop\cJ6xbAA5Rn.exe" MD5: FC194128C1F7B9B1E338464B0861606B)
      • cmd.exe (PID: 6936 cmdline: C:\Windows\system32\cmd.exe /c "ver" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 1528 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: cJ6xbAA5Rn.exe, ReversingLabs: Detection: 18%
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 99.9% probability
Source: cJ6xbAA5Rn.exe, Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exe, Code function: 0_2_00007FF6AC3B6714 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,0_2_00007FF6AC3B6714
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exe, Code function: 0_2_00007FF6AC3A7820 FindFirstFileExW,FindClose,0_2_00007FF6AC3A7820
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exe, Code function: 0_2_00007FF6AC3C09B4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF6AC3C09B4
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exe, Code function: 2_2_00007FF6AC3B6714 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,2_2_00007FF6AC3B6714
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exe, Code function: 2_2_00007FF6AC3A7820 FindFirstFileExW,FindClose,2_2_00007FF6AC3A7820
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exe, Code function: 2_2_00007FF6AC3C09B4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,2_2_00007FF6AC3C09B4
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exe, Code function: 2_2_00007FFB0B4F0E70 FindFirstFileExW,FindClose,wcscpy_s,2_2_00007FFB0B4F0E70
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exe, Code function: 2_2_00007FFB0B583229 _errno,malloc,_errno,memset,MultiByteToWideChar,GetLastError,MultiByteToWideChar,MultiByteToWideChar,free,_errno,FindFirstFileW,_errno,FindNextFileW,WideCharToMultiByte,2_2_00007FFB0B583229

Networking

Source: unknown, DNS query: name: pastebin.com
Source: unknown, Network traffic detected: HTTP traffic on port 49774 -> 8767
Source: global traffic, TCP traffic: 192.168.2.7:49774 -> 64.23.128.101:8767
Source: Joe Sandbox View, IP Address: 208.95.112.1
Source: unknown, DNS query: name: ip-api.com
Source: unknown, TCP traffic detected without corresponding DNS query: 64.23.128.101
Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic, HTTP traffic detected:
  GET /raw/D2WBNJMD HTTP/1.1
  Host: pastebin.com
  Accept: */*
  Accept-Encoding: gzip, deflate
  User-Agent: Python/3.10 aiohttp/3.8.1
Source: global traffic, HTTP traffic detected:
  GET /json/ HTTP/1.1
  Host: ip-api.com
  Accept: */*
  Accept-Encoding: gzip, deflate
  User-Agent: Python/3.10 aiohttp/3.8.1
Source: global traffic, HTTP traffic detected:
  GET / HTTP/1.1
  Host: 64.23.128.101:8767
  Upgrade: websocket
  Connection: Upgrade
  Sec-WebSocket-Key: ggD9L9gsHOtc8OE8um6F9Q==
  Sec-WebSocket-Version: 13
  Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
  User-Agent: Python/3.10 websockets/12.0
Source: global traffic, DNS traffic detected: DNS query: time.windows.com
Source: global traffic, DNS traffic detected: DNS query: ip-api.com
Source: global traffic, DNS traffic detected: DNS query: pastebin.com
00000000.00000003.1576355622.00000215B2159000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: cJ6xbAA5Rn.exe, 00000000.00000003.1568769051.00000215B2157000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1578324786.00000215B2159000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1579125378.00000215B2159000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1576187592.00000215B2159000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1568432934.00000215B2157000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1575673517.00000215B2159000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1568661740.00000215B2157000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1574526490.00000215B2159000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1566627575.00000215B2156000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1576916227.00000215B2159000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1568274505.00000215B2157000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1569127658.00000215B2157000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1567555813.00000215B2156000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1568851389.00000215B2157000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1567225993.00000215B2156000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1568031367.00000215B2157000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1568580627.00000215B2157000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1568997356.00000215B2157000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1576355622.00000215B2159000.00000004.00000020.00020000.00000000.sdmp, 
select.pyd.0.dr, _uuid.pyd.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: libssl-1_1.dll.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: cJ6xbAA5Rn.exe, 00000000.00000003.1575534906.00000215B2159000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: cJ6xbAA5Rn.exe, 00000000.00000003.1575534906.00000215B2159000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: cJ6xbAA5Rn.exe, 00000000.00000003.1568769051.00000215B2157000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1578324786.00000215B2159000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1579125378.00000215B2159000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1576187592.00000215B2159000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1568432934.00000215B2157000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1575673517.00000215B2159000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1568661740.00000215B2157000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1566627575.00000215B2156000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1576916227.00000215B2159000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1569127658.00000215B2164000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1568274505.00000215B2157000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1574526490.00000215B2163000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1569127658.00000215B2157000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1567555813.00000215B2156000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1568851389.00000215B2157000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1567225993.00000215B2156000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1568031367.00000215B2157000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1568580627.00000215B2157000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1568997356.00000215B2157000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 
00000000.00000003.1576355622.00000215B2159000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.drString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: cJ6xbAA5Rn.exe, 00000000.00000003.1575534906.00000215B2159000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
Source: cJ6xbAA5Rn.exe, 00000002.00000002.2808201476.000002407E150000.00000004.00001000.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000002.00000003.1591466828.000002407DE53000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://docs.python.org/3/library/subprocess#subprocess.Popen.kill
Source: cJ6xbAA5Rn.exe, 00000002.00000002.2808201476.000002407E150000.00000004.00001000.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000002.00000003.1591466828.000002407DE53000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://docs.python.org/3/library/subprocess#subprocess.Popen.returncode
Source: cJ6xbAA5Rn.exe, 00000002.00000003.1591466828.000002407DE53000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000002.00000002.2807538438.000002407D79C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://docs.python.org/3/library/subprocess#subprocess.Popen.terminate
Source: cJ6xbAA5Rn.exe, 00000002.00000002.2810394872.00007FFB0BFB1000.00000002.00000001.01000000.00000019.sdmp, _brotli.cp310-win_amd64.pyd.0.drString found in binary or memory: http://html4/loose.dtd
Source: cJ6xbAA5Rn.exe, 00000002.00000002.2808368042.000002407E440000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://httpbin.org/post
Source: cJ6xbAA5Rn.exe, 00000002.00000002.2808046243.000002407DF50000.00000004.00001000.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000002.00000002.2807873910.000002407DD50000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ip-api.com/json/
Source: cJ6xbAA5Rn.exe, 00000002.00000002.2808046243.000002407DF50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ip-api.com/json/opp
Source: cJ6xbAA5Rn.exe, 00000002.00000003.1592794821.000002407DE79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://json.org
Source: cJ6xbAA5Rn.exe, 00000000.00000003.1568769051.00000215B2157000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1578324786.00000215B2159000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1579125378.00000215B2159000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1576187592.00000215B2159000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1568432934.00000215B2157000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1575673517.00000215B2159000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1568661740.00000215B2157000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1566627575.00000215B2156000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1576916227.00000215B2159000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1568274505.00000215B2157000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1574526490.00000215B2163000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1569127658.00000215B2157000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1567555813.00000215B2156000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1568851389.00000215B2157000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1567225993.00000215B2156000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1568031367.00000215B2157000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1568580627.00000215B2157000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1568997356.00000215B2157000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1576355622.00000215B2159000.00000004.00000020.00020000.00000000.sdmp, 
select.pyd.0.dr, _uuid.pyd.0.drString found in binary or memory: http://ocsp.digicert.com0
Source: cJ6xbAA5Rn.exe, 00000000.00000003.1568769051.00000215B2157000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1578324786.00000215B2159000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1579125378.00000215B2159000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1576187592.00000215B2159000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1568432934.00000215B2157000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1575673517.00000215B2159000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1568661740.00000215B2157000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1574526490.00000215B2159000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1566627575.00000215B2156000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1576916227.00000215B2159000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1569127658.00000215B2164000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1568274505.00000215B2157000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1574526490.00000215B2163000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1569127658.00000215B2157000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1567555813.00000215B2156000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1568851389.00000215B2157000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1567225993.00000215B2156000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1568031367.00000215B2157000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1568580627.00000215B2157000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 
00000000.00000003.1568997356.00000215B2157000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1576355622.00000215B2159000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0A
Source: cJ6xbAA5Rn.exe, 00000000.00000003.1568769051.00000215B2157000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1575534906.00000215B2159000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1578324786.00000215B2159000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1579125378.00000215B2159000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1576187592.00000215B2159000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1568432934.00000215B2157000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1575673517.00000215B2159000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1568661740.00000215B2157000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1574526490.00000215B2159000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1566627575.00000215B2156000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1576916227.00000215B2159000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1569127658.00000215B2164000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1568274505.00000215B2157000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1569127658.00000215B2157000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1567555813.00000215B2156000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1568851389.00000215B2157000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1567225993.00000215B2156000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1568031367.00000215B2157000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1568580627.00000215B2157000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 
00000000.00000003.1568997356.00000215B2157000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1576355622.00000215B2159000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0C
Source: cJ6xbAA5Rn.exe, 00000000.00000003.1575534906.00000215B2159000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0N
Source: cJ6xbAA5Rn.exe, 00000000.00000003.1568769051.00000215B2157000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1578324786.00000215B2159000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1579125378.00000215B2159000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1576187592.00000215B2159000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1568432934.00000215B2157000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1575673517.00000215B2159000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1568661740.00000215B2157000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1574526490.00000215B2159000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1566627575.00000215B2156000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1576916227.00000215B2159000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1568274505.00000215B2157000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1569127658.00000215B2157000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1567555813.00000215B2156000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1568851389.00000215B2157000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1567225993.00000215B2156000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1568031367.00000215B2157000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1568580627.00000215B2157000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1568997356.00000215B2157000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1576355622.00000215B2159000.00000004.00000020.00020000.00000000.sdmp, 
select.pyd.0.dr, _uuid.pyd.0.drString found in binary or memory: http://ocsp.digicert.com0X
Source: cJ6xbAA5Rn.exe, 00000000.00000003.1575534906.00000215B2159000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.thawte.com0
Source: cJ6xbAA5Rn.exe, 00000002.00000003.1592724701.000002407DF07000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000002.00000002.2808279928.000002407E270000.00000004.00001000.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000002.00000003.1592758631.000002407DAAE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://python.org
Source: cJ6xbAA5Rn.exe, 00000002.00000003.1592794821.000002407DE9E000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000002.00000002.2807873910.000002407DE9D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://python.org/
Source: cJ6xbAA5Rn.exe, 00000002.00000003.1592724701.000002407DF07000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000002.00000002.2808279928.000002407E270000.00000004.00001000.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000002.00000003.1592758631.000002407DAAE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://python.org:80
Source: cJ6xbAA5Rn.exe, 00000000.00000003.1575534906.00000215B2159000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: cJ6xbAA5Rn.exe, 00000000.00000003.1575534906.00000215B2159000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: cJ6xbAA5Rn.exe, 00000000.00000003.1575534906.00000215B2159000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: cJ6xbAA5Rn.exe, 00000000.00000003.1568769051.00000215B2157000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1578324786.00000215B2159000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1579125378.00000215B2159000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1576187592.00000215B2159000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1568432934.00000215B2157000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1575673517.00000215B2159000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1568661740.00000215B2157000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1566627575.00000215B2156000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1576916227.00000215B2159000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1568274505.00000215B2157000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1574526490.00000215B2163000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1569127658.00000215B2157000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1567555813.00000215B2156000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1568851389.00000215B2157000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1567225993.00000215B2156000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1568031367.00000215B2157000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1568580627.00000215B2157000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1568997356.00000215B2157000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000000.00000003.1576355622.00000215B2159000.00000004.00000020.00020000.00000000.sdmp, 
select.pyd.0.dr, _uuid.pyd.0.drString found in binary or memory: http://www.digicert.com/CPS0
Source: cJ6xbAA5Rn.exe, 00000002.00000002.2807873910.000002407DD50000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-6
Source: base_library.zip.0.drString found in binary or memory: http://www.robotstxt.org/norobots-rfc.txt
Source: cJ6xbAA5Rn.exe, 00000000.00000003.1580259493.00000215B2159000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://bestpractices.coreinfrastructure.org/projects/6475
Source: cJ6xbAA5Rn.exe, 00000000.00000003.1580259493.00000215B2159000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://bestpractices.coreinfrastructure.org/projects/6475/badge
Source: cJ6xbAA5Rn.exe, 00000002.00000002.2808046243.000002407DF50000.00000004.00001000.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000002.00000002.2807873910.000002407DF16000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bugs.python.org/issue37179
Source: cJ6xbAA5Rn.exe, cJ6xbAA5Rn.exe, 00000002.00000002.2812770842.00007FFB1BA5C000.00000002.00000001.01000000.00000020.sdmp, _cffi_backend.cp310-win_amd64.pyd.0.drString found in binary or memory: https://cffi.readthedocs.io/en/latest/using.html#callbacks
Source: cJ6xbAA5Rn.exe, 00000002.00000002.2809049241.000002407ED14000.00000004.00001000.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000002.00000002.2808368042.000002407E507000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://datatracker.ietf.org/doc/html/rfc6455#section-5.5.1
Source: cJ6xbAA5Rn.exe, 00000002.00000002.2809228942.000002407EDB4000.00000004.00001000.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000002.00000002.2808368042.000002407E507000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://datatracker.ietf.org/doc/html/rfc6455#section-5.5.2
Source: cJ6xbAA5Rn.exe, 00000002.00000002.2809228942.000002407EDB4000.00000004.00001000.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000002.00000002.2808368042.000002407E507000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://datatracker.ietf.org/doc/html/rfc6455#section-5.5.3
Source: cJ6xbAA5Rn.exe, 00000002.00000002.2809049241.000002407ED2C000.00000004.00001000.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000002.00000002.2808368042.000002407E507000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000002.00000002.2807697786.000002407DACC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://datatracker.ietf.org/doc/html/rfc6455#section-5.6
Source: cJ6xbAA5Rn.exe, 00000002.00000002.2809228942.000002407EDA4000.00000004.00001000.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000002.00000002.2808368042.000002407E507000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://datatracker.ietf.org/doc/html/rfc6455#section-7.1.7
Source: cJ6xbAA5Rn.exe, 00000000.00000003.1580259493.00000215B2159000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/API/WebSockets_API
Source: cJ6xbAA5Rn.exe, 00000002.00000002.2808046243.000002407DF50000.00000004.00001000.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000002.00000002.2807873910.000002407DF16000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.aiohttp.org/en/stable/client_advanced.html#proxy-support
Source: cJ6xbAA5Rn.exe, 00000002.00000002.2807873910.000002407DD50000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000002.00000002.2807697786.000002407DA50000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3.7/library/asyncio-eventloop.html
Source: cJ6xbAA5Rn.exe, 00000002.00000002.2809049241.000002407ED14000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/glossary.html#term-eafp
Source: cJ6xbAA5Rn.exe, 00000002.00000002.2808773534.000002407E8D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/ssl.html#ssl.OP_NO_COMPRESSION
Source: cJ6xbAA5Rn.exe, 00000002.00000002.2808684159.000002407E7B0000.00000004.00001000.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000002.00000002.2809049241.000002407ED14000.00000004.00001000.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000002.00000002.2808885324.000002407E9D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com
Source: cJ6xbAA5Rn.exe, 00000002.00000002.2808368042.000002407E499000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Ousret/charset_normalizer
Source: cJ6xbAA5Rn.exe, 00000002.00000003.1593316917.000002407DAFB000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000002.00000003.1590486889.000002407DB0E000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000002.00000003.1587716956.000002407BC20000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000002.00000003.1592272563.000002407DAB4000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000002.00000002.2807327854.000002407BB78000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000002.00000003.1592651914.000002407DAFB000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000002.00000002.2807697786.000002407DACC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_sy
Source: cJ6xbAA5Rn.exe, 00000002.00000002.2808046243.000002407DF50000.00000004.00001000.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000002.00000002.2807873910.000002407DF16000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/aio-libs/aiohttp/discussions/6044
Source: cJ6xbAA5Rn.exe, 00000002.00000003.1592342539.000002407DF05000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000002.00000002.2807873910.000002407DE9D000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000002.00000003.1592794821.000002407DECC000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000002.00000003.1592342539.000002407DEF5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python-attrs/attrs/issues/136
Source: cJ6xbAA5Rn.exe, 00000002.00000003.1592342539.000002407DF05000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000002.00000002.2807873910.000002407DE9D000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000002.00000003.1592794821.000002407DECC000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000002.00000003.1592342539.000002407DEF5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python-attrs/attrs/issues/428
Source: cJ6xbAA5Rn.exe, 00000000.00000003.1580259493.00000215B2159000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://github.com/python-websockets/websockets
Source: cJ6xbAA5Rn.exe, 00000000.00000003.1580259493.00000215B2159000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://github.com/python-websockets/websockets/actions/workflows/tests.yml
Source: cJ6xbAA5Rn.exe, 00000000.00000003.1580259493.00000215B2159000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://github.com/python-websockets/websockets/blob/main/CODE_OF_CONDUCT.md
Source: cJ6xbAA5Rn.exe, 00000002.00000002.2808046243.000002407DF50000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://pastebin.com/raw/D2WBNJMD
Source: cJ6xbAA5Rn.exe, 00000002.00000002.2808046243.000002407DF50000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://pastebin.com/raw/D2WBNJMD5rn.exe
Source: cJ6xbAA5Rn.exe, 00000002.00000002.2807873910.000002407DD50000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://pastebin.com/raw/D2WBNJMDc
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown Network traffic detected: HTTP traffic on port 49773 -> 443
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeCode function: 2_2_00007FFB0B5870452_2_00007FFB0B587045
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeCode function: 2_2_00007FFB0B5AB5502_2_00007FFB0B5AB550
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeCode function: 2_2_00007FFB1BA4B2802_2_00007FFB1BA4B280
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeCode function: String function: 00007FFB0B582A04 appears 172 times
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeCode function: String function: 00007FFB0B58300D appears 55 times
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeCode function: String function: 00007FFB0B586889 appears 31 times
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeCode function: String function: 00007FFB0B584D68 appears 34 times
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeCode function: String function: 00007FFB0B586988 appears 51 times
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeCode function: String function: 00007FF6AC3A2770 appears 82 times
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeCode function: String function: 00007FFB0B581EF1 appears 1586 times
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeCode function: String function: 00007FFB0B582734 appears 510 times
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeCode function: String function: 00007FFB0B58483B appears 129 times
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeCode function: String function: 00007FFB0B5824B9 appears 83 times
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeCode function: String function: 00007FFB0B584057 appears 780 times
Source: _overlapped.pyd.0.drStatic PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: unicodedata.pyd.0.drStatic PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: api-ms-win-core-interlocked-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-processenvironment-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-util-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-stdio-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-processthreads-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-errorhandling-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-console-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-process-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-timezone-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-synch-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-file-l2-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-debug-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-string-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-handle-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-synch-l1-2-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-profile-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-localization-l1-2-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-datetime-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-math-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-locale-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-time-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-processthreads-l1-1-1.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-utility-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-namedpipe-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-filesystem-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-file-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-rtlsupport-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-conio-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-heap-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-convert-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-runtime-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-string-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-file-l1-2-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-memory-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-sysinfo-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-libraryloader-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: python3.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-heap-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-environment-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: cJ6xbAA5Rn.exe, 00000000.00000003.1568769051.00000215B2157000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_queue.pyd. vs cJ6xbAA5Rn.exe
Source: cJ6xbAA5Rn.exe, 00000000.00000003.1572061739.00000215B2159000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs cJ6xbAA5Rn.exe
Source: cJ6xbAA5Rn.exe, 00000000.00000003.1572158093.00000215B2159000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs cJ6xbAA5Rn.exe
Source: cJ6xbAA5Rn.exe, 00000000.00000003.1578324786.00000215B2159000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameselect.pyd. vs cJ6xbAA5Rn.exe
Source: cJ6xbAA5Rn.exe, 00000000.00000003.1571971032.00000215B2159000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs cJ6xbAA5Rn.exe
Source: cJ6xbAA5Rn.exe, 00000000.00000003.1572773390.00000215B2159000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs cJ6xbAA5Rn.exe
Source: cJ6xbAA5Rn.exe, 00000000.00000003.1570281853.00000215B2159000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs cJ6xbAA5Rn.exe
Source: cJ6xbAA5Rn.exe, 00000000.00000003.1573666826.00000215B2159000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs cJ6xbAA5Rn.exe
Source: cJ6xbAA5Rn.exe, 00000000.00000003.1572264983.00000215B2159000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs cJ6xbAA5Rn.exe
Source: cJ6xbAA5Rn.exe, 00000000.00000003.1573923818.00000215B2159000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs cJ6xbAA5Rn.exe
Source: cJ6xbAA5Rn.exe, 00000000.00000003.1571124184.00000215B2159000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs cJ6xbAA5Rn.exe
Source: cJ6xbAA5Rn.exe, 00000000.00000003.1566091399.00000215B2155000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamemsvcp140.dll^ vs cJ6xbAA5Rn.exe
Source: cJ6xbAA5Rn.exe, 00000000.00000003.1573312032.00000215B2159000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs cJ6xbAA5Rn.exe
Source: cJ6xbAA5Rn.exe, 00000000.00000003.1579125378.00000215B2159000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameunicodedata.pyd. vs cJ6xbAA5Rn.exe
Source: cJ6xbAA5Rn.exe, 00000000.00000003.1576187592.00000215B2159000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamepyexpat.pyd. vs cJ6xbAA5Rn.exe
Source: cJ6xbAA5Rn.exe, 00000000.00000003.1573844220.00000215B2159000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs cJ6xbAA5Rn.exe
Source: cJ6xbAA5Rn.exe, 00000000.00000003.1572651004.00000215B2159000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs cJ6xbAA5Rn.exe
Source: cJ6xbAA5Rn.exe, 00000000.00000003.1572875436.00000215B2159000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs cJ6xbAA5Rn.exe
Source: cJ6xbAA5Rn.exe, 00000000.00000003.1570358763.00000215B2159000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs cJ6xbAA5Rn.exe
Source: cJ6xbAA5Rn.exe, 00000000.00000003.1570207811.00000215B2159000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs cJ6xbAA5Rn.exe
Source: cJ6xbAA5Rn.exe, 00000000.00000003.1570603637.00000215B2159000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs cJ6xbAA5Rn.exe
Source: cJ6xbAA5Rn.exe, 00000000.00000003.1571790860.00000215B2159000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs cJ6xbAA5Rn.exe
Source: cJ6xbAA5Rn.exe, 00000000.00000003.1568432934.00000215B2157000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_lzma.pyd. vs cJ6xbAA5Rn.exe
Source: cJ6xbAA5Rn.exe, 00000000.00000003.1575673517.00000215B2159000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamelibsslH vs cJ6xbAA5Rn.exe
Source: cJ6xbAA5Rn.exe, 00000000.00000003.1568661740.00000215B2157000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_overlapped.pyd. vs cJ6xbAA5Rn.exe
Source: cJ6xbAA5Rn.exe, 00000000.00000003.1571035764.00000215B2159000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs cJ6xbAA5Rn.exe
Source: cJ6xbAA5Rn.exe, 00000000.00000003.1571449444.00000215B2159000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs cJ6xbAA5Rn.exe
Source: cJ6xbAA5Rn.exe, 00000000.00000003.1573098268.00000215B2159000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs cJ6xbAA5Rn.exe
Source: cJ6xbAA5Rn.exe, 00000000.00000003.1572988534.00000215B2159000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs cJ6xbAA5Rn.exe
Source: cJ6xbAA5Rn.exe, 00000000.00000003.1578573567.00000215B2159000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameucrtbase.dllj% vs cJ6xbAA5Rn.exe
Source: cJ6xbAA5Rn.exe, 00000000.00000003.1566627575.00000215B2156000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_asyncio.pyd. vs cJ6xbAA5Rn.exe
Source: cJ6xbAA5Rn.exe, 00000000.00000003.1573495477.00000215B2159000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs cJ6xbAA5Rn.exe
Source: cJ6xbAA5Rn.exe, 00000000.00000003.1570944044.00000215B2159000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs cJ6xbAA5Rn.exe
Source: cJ6xbAA5Rn.exe, 00000000.00000003.1571888858.00000215B2159000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs cJ6xbAA5Rn.exe
Source: cJ6xbAA5Rn.exe, 00000000.00000003.1570510543.00000215B2159000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs cJ6xbAA5Rn.exe
Source: cJ6xbAA5Rn.exe, 00000000.00000003.1573580666.00000215B2159000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs cJ6xbAA5Rn.exe
Source: cJ6xbAA5Rn.exe, 00000000.00000003.1572355562.00000215B2159000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs cJ6xbAA5Rn.exe
Source: cJ6xbAA5Rn.exe, 00000000.00000003.1568274505.00000215B2157000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_hashlib.pyd. vs cJ6xbAA5Rn.exe
Source: cJ6xbAA5Rn.exe, 00000000.00000003.1573401366.00000215B2159000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs cJ6xbAA5Rn.exe
Source: cJ6xbAA5Rn.exe, 00000000.00000003.1571535701.00000215B2159000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs cJ6xbAA5Rn.exe
Source: cJ6xbAA5Rn.exe, 00000000.00000003.1569127658.00000215B2157000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_uuid.pyd. vs cJ6xbAA5Rn.exe
Source: cJ6xbAA5Rn.exe, 00000000.00000003.1573208598.00000215B2159000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs cJ6xbAA5Rn.exe
Source: cJ6xbAA5Rn.exe, 00000000.00000003.1567555813.00000215B2156000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_ctypes.pyd. vs cJ6xbAA5Rn.exe
Source: cJ6xbAA5Rn.exe, 00000000.00000003.1568851389.00000215B2157000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_socket.pyd. vs cJ6xbAA5Rn.exe
Source: cJ6xbAA5Rn.exe, 00000000.00000003.1567225993.00000215B2156000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_bz2.pyd. vs cJ6xbAA5Rn.exe
Source: cJ6xbAA5Rn.exe, 00000000.00000003.1568031367.00000215B2157000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_decimal.pyd. vs cJ6xbAA5Rn.exe
Source: cJ6xbAA5Rn.exe, 00000000.00000003.1568580627.00000215B2157000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_multiprocessing.pyd. vs cJ6xbAA5Rn.exe
Source: cJ6xbAA5Rn.exe, 00000000.00000003.1571622512.00000215B2159000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs cJ6xbAA5Rn.exe
Source: cJ6xbAA5Rn.exe, 00000000.00000003.1574016239.00000215B2159000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs cJ6xbAA5Rn.exe
Source: cJ6xbAA5Rn.exe, 00000000.00000003.1573751816.00000215B2159000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs cJ6xbAA5Rn.exe
Source: cJ6xbAA5Rn.exe, 00000000.00000003.1570858986.00000215B2159000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs cJ6xbAA5Rn.exe
Source: cJ6xbAA5Rn.exe, 00000000.00000003.1570783297.00000215B2159000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs cJ6xbAA5Rn.exe
Source: cJ6xbAA5Rn.exe, 00000000.00000003.1570701788.00000215B2159000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs cJ6xbAA5Rn.exe
Source: cJ6xbAA5Rn.exe, 00000000.00000003.1566317518.00000215B2155000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevcruntime140.dllT vs cJ6xbAA5Rn.exe
Source: cJ6xbAA5Rn.exe, 00000000.00000003.1568997356.00000215B2157000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_ssl.pyd. vs cJ6xbAA5Rn.exe
Source: cJ6xbAA5Rn.exe, 00000000.00000003.1571705269.00000215B2159000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs cJ6xbAA5Rn.exe
Source: cJ6xbAA5Rn.exe, 00000000.00000003.1576355622.00000215B2159000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamepython3.dll. vs cJ6xbAA5Rn.exe
Source: cJ6xbAA5Rn.exe, 00000000.00000003.1566544577.00000215B2156000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevcruntime140_1.dllT vs cJ6xbAA5Rn.exe
Source: cJ6xbAA5Rn.exe, 00000000.00000003.1570432967.00000215B2159000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs cJ6xbAA5Rn.exe
Source: cJ6xbAA5Rn.exeBinary or memory string: OriginalFilename vs cJ6xbAA5Rn.exe
Source: cJ6xbAA5Rn.exe, 00000002.00000003.1587716956.000002407BC27000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamekernel32j% vs cJ6xbAA5Rn.exe
Source: cJ6xbAA5Rn.exe, 00000002.00000002.2817440386.00007FFB1E872000.00000002.00000001.01000000.00000011.sdmpBinary or memory string: OriginalFilename_bz2.pyd. vs cJ6xbAA5Rn.exe
Source: cJ6xbAA5Rn.exe, 00000002.00000002.2812708502.00007FFB0CCD1000.00000002.00000001.01000000.00000015.sdmpBinary or memory string: OriginalFilenameunicodedata.pyd. vs cJ6xbAA5Rn.exe
Source: cJ6xbAA5Rn.exe, 00000002.00000002.2817028553.00007FFB1E3C5000.00000002.00000001.01000000.0000000C.sdmpBinary or memory string: OriginalFilename_ssl.pyd. vs cJ6xbAA5Rn.exe
Source: cJ6xbAA5Rn.exe, 00000002.00000002.2814948529.00007FFB1CD26000.00000002.00000001.01000000.00000022.sdmpBinary or memory string: OriginalFilename_queue.pyd. vs cJ6xbAA5Rn.exe
Source: cJ6xbAA5Rn.exe, 00000002.00000002.2817855809.00007FFB2278B000.00000002.00000001.01000000.00000008.sdmpBinary or memory string: OriginalFilename_ctypes.pyd. vs cJ6xbAA5Rn.exe
Source: cJ6xbAA5Rn.exe, 00000002.00000002.2817125992.00007FFB1E489000.00000002.00000001.01000000.0000001A.sdmpBinary or memory string: OriginalFilenamevcruntime140_1.dllT vs cJ6xbAA5Rn.exe
Source: cJ6xbAA5Rn.exe, 00000002.00000002.2818137982.00007FFB23AF7000.00000002.00000001.01000000.00000006.sdmpBinary or memory string: OriginalFilenamevcruntime140.dllT vs cJ6xbAA5Rn.exe
Source: cJ6xbAA5Rn.exe, 00000002.00000002.2816846471.00007FFB1DF1B000.00000002.00000001.01000000.0000000E.sdmpBinary or memory string: OriginalFilenamelibsslH vs cJ6xbAA5Rn.exe
Source: cJ6xbAA5Rn.exe, 00000002.00000002.2810278403.00007FFB0B8C6000.00000002.00000001.01000000.0000000D.sdmpBinary or memory string: OriginalFilenamelibcryptoH vs cJ6xbAA5Rn.exe
Source: cJ6xbAA5Rn.exe, 00000002.00000002.2807264705.000002407BAC0000.00000002.00000001.01000000.00000007.sdmpBinary or memory string: OriginalFilenamepython3.dll. vs cJ6xbAA5Rn.exe
Source: cJ6xbAA5Rn.exe, 00000002.00000002.2817662773.00007FFB22682000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: OriginalFilename_socket.pyd. vs cJ6xbAA5Rn.exe
Source: cJ6xbAA5Rn.exe, 00000002.00000002.2812467960.00007FFB0C481000.00000002.00000001.01000000.00000005.sdmpBinary or memory string: OriginalFilenamepython310.dll. vs cJ6xbAA5Rn.exe
Source: cJ6xbAA5Rn.exe, 00000002.00000002.2817753460.00007FFB2276A000.00000002.00000001.01000000.00000010.sdmpBinary or memory string: OriginalFilename_overlapped.pyd. vs cJ6xbAA5Rn.exe
Source: cJ6xbAA5Rn.exe, 00000002.00000002.2817954308.00007FFB23A36000.00000002.00000001.01000000.0000000B.sdmpBinary or memory string: OriginalFilenameselect.pyd. vs cJ6xbAA5Rn.exe
Source: cJ6xbAA5Rn.exe, 00000002.00000002.2815127593.00007FFB1D344000.00000002.00000001.01000000.0000001E.sdmpBinary or memory string: OriginalFilename_uuid.pyd. vs cJ6xbAA5Rn.exe
Source: cJ6xbAA5Rn.exe, 00000002.00000002.2809805512.00007FFB0B579000.00000002.00000001.01000000.0000001B.sdmpBinary or memory string: OriginalFilenamemsvcp140.dll^ vs cJ6xbAA5Rn.exe
Source: cJ6xbAA5Rn.exe, 00000002.00000002.2817556471.00007FFB2265E000.00000002.00000001.01000000.0000000F.sdmpBinary or memory string: OriginalFilename_asyncio.pyd. vs cJ6xbAA5Rn.exe
Source: cJ6xbAA5Rn.exe, 00000002.00000002.2814654919.00007FFB1C9AE000.00000002.00000001.01000000.00000004.sdmpBinary or memory string: OriginalFilenameucrtbase.dllj% vs cJ6xbAA5Rn.exe
Source: cJ6xbAA5Rn.exe, 00000002.00000002.2817225151.00007FFB1E67D000.00000002.00000001.01000000.00000014.sdmpBinary or memory string: OriginalFilename_hashlib.pyd. vs cJ6xbAA5Rn.exe
Source: cJ6xbAA5Rn.exe, 00000002.00000002.2816448216.00007FFB1DE65000.00000002.00000001.01000000.00000012.sdmpBinary or memory string: OriginalFilename_lzma.pyd. vs cJ6xbAA5Rn.exe
Source: classification engine Classification label: mal68.troj.evad.winEXE@6/80@3/4
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeCode function: 0_2_00007FF6AC3A74B0 GetLastError,FormatMessageW,WideCharToMultiByte,0_2_00007FF6AC3A74B0
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeCode function: 2_2_00007FFB0B4F12C0 GetDiskFreeSpaceExW,2_2_00007FFB0B4F12C0
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1528:120:WilError_03
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exe File created: C:\Users\user~1\AppData\Local\Temp\_MEI13162
Source: cJ6xbAA5Rn.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: cJ6xbAA5Rn.exeReversingLabs: Detection: 18%
Source: cJ6xbAA5Rn.exeString found in binary or memory: can't send non-None value to a just-started generator
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exe File read: C:\Users\user\Desktop\cJ6xbAA5Rn.exe
Source: unknownProcess created: C:\Users\user\Desktop\cJ6xbAA5Rn.exe "C:\Users\user\Desktop\cJ6xbAA5Rn.exe"
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeProcess created: C:\Users\user\Desktop\cJ6xbAA5Rn.exe "C:\Users\user\Desktop\cJ6xbAA5Rn.exe"
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exe Section loaded: vcruntime140.dll
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exe Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exe Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exe Section loaded: libffi-7.dll
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exe Section loaded: libcrypto-1_1.dll
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exe Section loaded: libssl-1_1.dll
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exe Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exe Section loaded: msvcp140.dll
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exe Section loaded: vcruntime140_1.dll
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exe Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exe Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exe Section loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exe Section loaded: msasn1.dll
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exe File opened: C:\Users\user\Desktop\pyvenv.cfg
Source: cJ6xbAA5Rn.exeStatic PE information: Image base 0x140000000 > 0x60000000
Source: cJ6xbAA5Rn.exeStatic file information: File size 9068491 > 1048576
Source: cJ6xbAA5Rn.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: cJ6xbAA5Rn.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: cJ6xbAA5Rn.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: cJ6xbAA5Rn.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: cJ6xbAA5Rn.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: cJ6xbAA5Rn.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: cJ6xbAA5Rn.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: api-ms-win-crt-locale-l1-1-0.pdb source: cJ6xbAA5Rn.exe, 00000000.00000003.1573401366.00000215B2159000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-locale-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: cJ6xbAA5Rn.exe, 00000000.00000003.1573666826.00000215B2159000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-runtime-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-file-l1-2-0.pdb source: cJ6xbAA5Rn.exe, 00000000.00000003.1570603637.00000215B2159000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-file-l1-2-0.dll.0.dr
Source: Binary string: D:\_w\1\b\bin\amd64\_overlapped.pdb source: cJ6xbAA5Rn.exe, 00000000.00000003.1568661740.00000215B2157000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000002.00000002.2817718688.00007FFB22765000.00000002.00000001.01000000.00000010.sdmp
Source: Binary string: ucrtbase.pdb source: cJ6xbAA5Rn.exe, 00000002.00000002.2814506791.00007FFB1C973000.00000002.00000001.01000000.00000004.sdmp
Source: Binary string: api-ms-win-core-memory-l1-1-0.pdb source: cJ6xbAA5Rn.exe, 00000000.00000003.1571449444.00000215B2159000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\_work\1\s\\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: cJ6xbAA5Rn.exe, 00000000.00000003.1566544577.00000215B2156000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000002.00000002.2817086218.00007FFB1E485000.00000002.00000001.01000000.0000001A.sdmp, VCRUNTIME140_1.dll.0.dr
Source: Binary string: api-ms-win-core-debug-l1-1-0.pdb source: cJ6xbAA5Rn.exe, 00000000.00000003.1570358763.00000215B2159000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: cJ6xbAA5Rn.exe, 00000000.00000003.1572355562.00000215B2159000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-sysinfo-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-filesystem-l1-1-0.pdb source: cJ6xbAA5Rn.exe, 00000000.00000003.1573208598.00000215B2159000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-filesystem-l1-1-0.dll.0.dr
Source: Binary string: D:\_w\1\b\bin\amd64\_queue.pdb source: cJ6xbAA5Rn.exe, 00000000.00000003.1568769051.00000215B2157000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000002.00000002.2814894214.00007FFB1CD23000.00000002.00000001.01000000.00000022.sdmp
Source: Binary string: api-ms-win-crt-stdio-l1-1-0.pdb source: cJ6xbAA5Rn.exe, 00000000.00000003.1573751816.00000215B2159000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-stdio-l1-1-0.dll.0.dr
Source: Binary string: D:\_w\1\b\bin\amd64\_ssl.pdb source: cJ6xbAA5Rn.exe, 00000002.00000002.2816954031.00007FFB1E3AD000.00000002.00000001.01000000.0000000C.sdmp, _ssl.pyd.0.dr
Source: Binary string: D:\_w\1\b\bin\amd64\_lzma.pdb source: cJ6xbAA5Rn.exe, 00000000.00000003.1568432934.00000215B2157000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000002.00000002.2816243149.00007FFB1DE5C000.00000002.00000001.01000000.00000012.sdmp
Source: Binary string: api-ms-win-core-heap-l1-1-0.pdb source: cJ6xbAA5Rn.exe, 00000000.00000003.1570858986.00000215B2159000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-heap-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-util-l1-1-0.pdb source: cJ6xbAA5Rn.exe, 00000000.00000003.1572773390.00000215B2159000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-util-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-synch-l1-1-0.pdb source: cJ6xbAA5Rn.exe, 00000000.00000003.1572158093.00000215B2159000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-synch-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-environment-l1-1-0.pdb source: cJ6xbAA5Rn.exe, 00000000.00000003.1573098268.00000215B2159000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-errorhandling-l1-1-0.pdb source: cJ6xbAA5Rn.exe, 00000000.00000003.1570432967.00000215B2159000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\_ctypes.pdb source: cJ6xbAA5Rn.exe, 00000002.00000002.2817811502.00007FFB22780000.00000002.00000001.01000000.00000008.sdmp, _ctypes.pyd.0.dr
Source: Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: cJ6xbAA5Rn.exe, 00000000.00000003.1571705269.00000215B2159000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-console-l1-1-0.pdb source: cJ6xbAA5Rn.exe, 00000000.00000003.1570207811.00000215B2159000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-file-l1-1-0.pdb source: cJ6xbAA5Rn.exe, 00000000.00000003.1570510543.00000215B2159000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\_w\1\b\libssl-1_1.pdb@@ source: cJ6xbAA5Rn.exe, 00000002.00000002.2816731233.00007FFB1DEE6000.00000002.00000001.01000000.0000000E.sdmp, libssl-1_1.dll.0.dr
Source: Binary string: api-ms-win-crt-convert-l1-1-0.pdb source: cJ6xbAA5Rn.exe, 00000000.00000003.1572988534.00000215B2159000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-convert-l1-1-0.dll.0.dr
Source: Binary string: D:\_w\1\b\bin\amd64\pyexpat.pdb source: pyexpat.pyd.0.dr
Source: Binary string: D:\_w\1\b\bin\amd64\_socket.pdb source: cJ6xbAA5Rn.exe, 00000000.00000003.1568851389.00000215B2157000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000002.00000002.2817619497.00007FFB22678000.00000002.00000001.01000000.0000000A.sdmp, _socket.pyd.0.dr
Source: Binary string: D:\a\_work\1\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: cJ6xbAA5Rn.exe, 00000000.00000003.1566317518.00000215B2155000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000002.00000002.2818099687.00007FFB23AF1000.00000002.00000001.01000000.00000006.sdmp, VCRUNTIME140.dll.0.dr
Source: Binary string: D:\_w\1\b\bin\amd64\_asyncio.pdb source: cJ6xbAA5Rn.exe, 00000000.00000003.1566627575.00000215B2156000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000002.00000002.2817511809.00007FFB22657000.00000002.00000001.01000000.0000000F.sdmp, _asyncio.pyd.0.dr
Source: Binary string: D:\_w\1\b\bin\amd64\unicodedata.pdb source: cJ6xbAA5Rn.exe, 00000000.00000003.1579125378.00000215B2159000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000002.00000002.2812539194.00007FFB0CCCC000.00000002.00000001.01000000.00000015.sdmp
Source: Binary string: api-ms-win-core-profile-l1-1-0.pdb source: cJ6xbAA5Rn.exe, 00000000.00000003.1571888858.00000215B2159000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-profile-l1-1-0.dll.0.dr
Source: Binary string: ucrtbase.pdbUGP source: cJ6xbAA5Rn.exe, 00000002.00000002.2814506791.00007FFB1C973000.00000002.00000001.01000000.00000004.sdmp
Source: Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMOpenSSL 1.1.1q 5 Jul 2022built on: Thu Aug 18 20:15:42 2022 UTCplatform: VC-WIN64A-masmOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-1_1"not available source: cJ6xbAA5Rn.exe, 00000002.00000002.2810104736.00007FFB0B7CE000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: api-ms-win-crt-time-l1-1-0.pdb source: cJ6xbAA5Rn.exe, 00000000.00000003.1573923818.00000215B2159000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-time-l1-1-0.dll.0.dr
Source: Binary string: D:\_w\1\b\bin\amd64\select.pdb source: cJ6xbAA5Rn.exe, 00000000.00000003.1578324786.00000215B2159000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000002.00000002.2817916817.00007FFB23A33000.00000002.00000001.01000000.0000000B.sdmp, select.pyd.0.dr
Source: Binary string: api-ms-win-core-handle-l1-1-0.pdb source: cJ6xbAA5Rn.exe, 00000000.00000003.1570783297.00000215B2159000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\_uuid.pdb source: cJ6xbAA5Rn.exe, 00000000.00000003.1569127658.00000215B2157000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000002.00000002.2815055758.00007FFB1D342000.00000002.00000001.01000000.0000001E.sdmp, _uuid.pyd.0.dr
Source: Binary string: d:\agent\_work\2\s\binaries\amd64ret\bin\amd64\\msvcp140.amd64.pdb source: cJ6xbAA5Rn.exe, 00000002.00000002.2809724595.00007FFB0B532000.00000002.00000001.01000000.0000001B.sdmp, MSVCP140.dll.0.dr
Source: Binary string: api-ms-win-core-synch-l1-2-0.pdb source: cJ6xbAA5Rn.exe, 00000000.00000003.1572264983.00000215B2159000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\_w\1\b\libssl-1_1.pdb source: cJ6xbAA5Rn.exe, 00000002.00000002.2816731233.00007FFB1DEE6000.00000002.00000001.01000000.0000000E.sdmp, libssl-1_1.dll.0.dr
Source: Binary string: D:\_w\1\b\bin\amd64\python310.pdb source: cJ6xbAA5Rn.exe, 00000002.00000002.2810637097.00007FFB0C363000.00000002.00000001.01000000.00000005.sdmp, python310.dll.0.dr
Source: Binary string: D:\_w\1\b\bin\amd64\_bz2.pdb source: cJ6xbAA5Rn.exe, 00000000.00000003.1567225993.00000215B2156000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000002.00000002.2817395831.00007FFB1E86D000.00000002.00000001.01000000.00000011.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\_multiprocessing.pdb source: cJ6xbAA5Rn.exe, 00000000.00000003.1568580627.00000215B2157000.00000004.00000020.00020000.00000000.sdmp, _multiprocessing.pyd.0.dr
Source: Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: cJ6xbAA5Rn.exe, 00000000.00000003.1571622512.00000215B2159000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: cJ6xbAA5Rn.exe, 00000002.00000002.2810104736.00007FFB0B7CE000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: api-ms-win-core-datetime-l1-1-0.pdb source: cJ6xbAA5Rn.exe, 00000000.00000003.1570281853.00000215B2159000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-datetime-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: cJ6xbAA5Rn.exe, 00000000.00000003.1572875436.00000215B2159000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-conio-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-localization-l1-2-0.pdb source: cJ6xbAA5Rn.exe, 00000000.00000003.1571124184.00000215B2159000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-localization-l1-2-0.dll.0.dr
Source: Binary string: api-ms-win-crt-math-l1-1-0.pdb source: cJ6xbAA5Rn.exe, 00000000.00000003.1573495477.00000215B2159000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-math-l1-1-0.dll.0.dr
Source: Binary string: D:\_w\1\b\bin\amd64\_hashlib.pdb source: cJ6xbAA5Rn.exe, 00000000.00000003.1568274505.00000215B2157000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000002.00000002.2817184297.00007FFB1E676000.00000002.00000001.01000000.00000014.sdmp, _hashlib.pyd.0.dr
Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: cJ6xbAA5Rn.exe, 00000000.00000003.1571790860.00000215B2159000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-processthreads-l1-1-1.dll.0.dr
Source: Binary string: D:\_w\1\b\bin\amd64\_decimal.pdb$$ source: _decimal.pyd.0.dr
Source: Binary string: api-ms-win-core-namedpipe-l1-1-0.pdb source: cJ6xbAA5Rn.exe, 00000000.00000003.1571535701.00000215B2159000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-utility-l1-1-0.pdb source: cJ6xbAA5Rn.exe, 00000000.00000003.1574016239.00000215B2159000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\_lzma.pdbNN source: cJ6xbAA5Rn.exe, 00000000.00000003.1568432934.00000215B2157000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000002.00000002.2816243149.00007FFB1DE5C000.00000002.00000001.01000000.00000012.sdmp
Source: Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdb source: cJ6xbAA5Rn.exe, 00000000.00000003.1571971032.00000215B2159000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-rtlsupport-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: cJ6xbAA5Rn.exe, 00000000.00000003.1572651004.00000215B2159000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-string-l1-1-0.pdb source: cJ6xbAA5Rn.exe, 00000000.00000003.1572061739.00000215B2159000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-file-l2-1-0.pdb source: cJ6xbAA5Rn.exe, 00000000.00000003.1570701788.00000215B2159000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-process-l1-1-0.pdb source: cJ6xbAA5Rn.exe, 00000000.00000003.1573580666.00000215B2159000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-process-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-libraryloader-l1-1-0.pdb source: cJ6xbAA5Rn.exe, 00000000.00000003.1571035764.00000215B2159000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\python3.pdb source: cJ6xbAA5Rn.exe, 00000000.00000003.1576355622.00000215B2159000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000002.00000002.2807264705.000002407BAC0000.00000002.00000001.01000000.00000007.sdmp
Source: Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: cJ6xbAA5Rn.exe, 00000000.00000003.1570944044.00000215B2159000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-interlocked-l1-1-0.dll.0.dr
Source: Binary string: D:\_w\1\b\bin\amd64\_decimal.pdb source: _decimal.pyd.0.dr
Source: Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: cJ6xbAA5Rn.exe, 00000000.00000003.1573312032.00000215B2159000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\_w\1\b\libcrypto-1_1.pdb source: cJ6xbAA5Rn.exe, 00000002.00000002.2810104736.00007FFB0B850000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: api-ms-win-crt-string-l1-1-0.pdb source: cJ6xbAA5Rn.exe, 00000000.00000003.1573844220.00000215B2159000.00000004.00000020.00020000.00000000.sdmp
Source: cJ6xbAA5Rn.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: cJ6xbAA5Rn.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: cJ6xbAA5Rn.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: cJ6xbAA5Rn.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: cJ6xbAA5Rn.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: api-ms-win-crt-conio-l1-1-0.dll.0.drStatic PE information: 0xB5D7273D [Fri Sep 3 21:53:01 2066 UTC]
Source: cJ6xbAA5Rn.exeStatic PE information: section name: _RDATA
Source: MSVCP140.dll.0.drStatic PE information: section name: .didat
Source: VCRUNTIME140.dll.0.drStatic PE information: section name: _RDATA
Source: libcrypto-1_1.dll.0.drStatic PE information: section name: .00cfg
Source: libssl-1_1.dll.0.drStatic PE information: section name: .00cfg
Source: python310.dll.0.drStatic PE information: section name: PyRuntim
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeCode function: 0_2_00007FF6AC3F10CC push rbp; retn 0000h0_2_00007FF6AC3F10CD
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeCode function: 0_2_00007FF6AC3F10E4 push rcx; retn 0000h0_2_00007FF6AC3F10ED
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeCode function: 2_2_00007FF6AC3F10CC push rbp; retn 0000h2_2_00007FF6AC3F10CD
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeCode function: 2_2_00007FF6AC3F10E4 push rcx; retn 0000h2_2_00007FF6AC3F10ED

Persistence and Installation Behavior

Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeProcess created: "C:\Users\user\Desktop\cJ6xbAA5Rn.exe"
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI13162\api-ms-win-core-timezone-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI13162\api-ms-win-core-profile-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI13162\libffi-7.dllJump to dropped file
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI13162\api-ms-win-crt-convert-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI13162\api-ms-win-core-processenvironment-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI13162\api-ms-win-crt-utility-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI13162\api-ms-win-crt-filesystem-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI13162\aiohttp\_websocket.cp310-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI13162\_ctypes.pydJump to dropped file
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI13162\api-ms-win-crt-time-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI13162\api-ms-win-crt-string-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI13162\api-ms-win-core-errorhandling-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI13162\api-ms-win-core-memory-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI13162\_lzma.pydJump to dropped file
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI13162\_asyncio.pydJump to dropped file
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI13162\_decimal.pydJump to dropped file
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI13162\VCRUNTIME140.dllJump to dropped file
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI13162\ucrtbase.dllJump to dropped file
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI13162\pycares\_cares.cp310-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI13162\api-ms-win-core-sysinfo-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI13162\api-ms-win-crt-conio-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI13162\websockets\speedups.cp310-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI13162\_multiprocessing.pydJump to dropped file
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI13162\aiohttp\_http_parser.cp310-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI13162\frozenlist\_frozenlist.cp310-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI13162\api-ms-win-crt-runtime-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI13162\_ssl.pydJump to dropped file
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI13162\api-ms-win-core-util-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI13162\_hashlib.pydJump to dropped file
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI13162\api-ms-win-core-handle-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI13162\multidict\_multidict.cp310-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI13162\api-ms-win-core-console-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI13162\api-ms-win-crt-environment-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI13162\aiohttp\_http_writer.cp310-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI13162\aiohttp\_helpers.cp310-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI13162\api-ms-win-core-datetime-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI13162\select.pydJump to dropped file
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI13162\api-ms-win-core-file-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI13162\api-ms-win-core-processthreads-l1-1-1.dllJump to dropped file
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI13162\api-ms-win-core-synch-l1-2-0.dllJump to dropped file
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI13162\_uuid.pydJump to dropped file
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI13162\api-ms-win-crt-process-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI13162\api-ms-win-core-file-l1-2-0.dllJump to dropped file
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI13162\api-ms-win-crt-locale-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI13162\api-ms-win-crt-heap-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI13162\pyexpat.pydJump to dropped file
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI13162\api-ms-win-core-localization-l1-2-0.dllJump to dropped file
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI13162\api-ms-win-core-heap-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI13162\api-ms-win-core-processthreads-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI13162\python3.dllJump to dropped file
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI13162\api-ms-win-core-interlocked-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI13162\api-ms-win-core-string-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI13162\_cffi_backend.cp310-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI13162\yarl\_quoting_c.cp310-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI13162\api-ms-win-core-rtlsupport-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI13162\api-ms-win-core-libraryloader-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI13162\api-ms-win-core-namedpipe-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI13162\_queue.pydJump to dropped file
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI13162\api-ms-win-core-synch-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI13162\api-ms-win-core-debug-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI13162\libssl-1_1.dllJump to dropped file
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI13162\api-ms-win-crt-stdio-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI13162\_brotli.cp310-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI13162\api-ms-win-core-file-l2-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI13162\_overlapped.pydJump to dropped file
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI13162\MSVCP140.dllJump to dropped file
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI13162\VCRUNTIME140_1.dllJump to dropped file
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI13162\python310.dllJump to dropped file
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI13162\_bz2.pydJump to dropped file
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI13162\api-ms-win-crt-math-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI13162\libcrypto-1_1.dllJump to dropped file
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI13162\unicodedata.pydJump to dropped file
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI13162\_socket.pydJump to dropped file

Hooking and other Techniques for Hiding and Protection

Source: unknownNetwork traffic detected: HTTP traffic on port 49774 -> 8767
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeCode function: 0_2_00007FF6AC3A55D0 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_00007FF6AC3A55D0
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeCode function: 2_2_00007FFB0B584241 rdtsc 2_2_00007FFB0B584241
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI13162\api-ms-win-core-timezone-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI13162\api-ms-win-core-profile-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI13162\api-ms-win-crt-convert-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI13162\api-ms-win-core-processenvironment-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI13162\api-ms-win-crt-utility-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI13162\aiohttp\_websocket.cp310-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI13162\api-ms-win-crt-filesystem-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI13162\api-ms-win-crt-time-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI13162\_ctypes.pydJump to dropped file
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI13162\api-ms-win-crt-string-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI13162\api-ms-win-core-memory-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI13162\api-ms-win-core-errorhandling-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI13162\_lzma.pydJump to dropped file
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI13162\_asyncio.pydJump to dropped file
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI13162\_decimal.pydJump to dropped file
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI13162\pycares\_cares.cp310-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI13162\api-ms-win-core-sysinfo-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI13162\websockets\speedups.cp310-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI13162\api-ms-win-crt-conio-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI13162\_multiprocessing.pydJump to dropped file
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI13162\aiohttp\_http_parser.cp310-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI13162\frozenlist\_frozenlist.cp310-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI13162\api-ms-win-crt-runtime-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI13162\_ssl.pydJump to dropped file
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI13162\api-ms-win-core-util-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI13162\_hashlib.pydJump to dropped file
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI13162\api-ms-win-core-handle-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI13162\multidict\_multidict.cp310-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI13162\api-ms-win-core-console-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI13162\api-ms-win-crt-environment-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI13162\aiohttp\_http_writer.cp310-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI13162\aiohttp\_helpers.cp310-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI13162\select.pydJump to dropped file
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI13162\api-ms-win-core-file-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI13162\api-ms-win-core-datetime-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI13162\api-ms-win-core-processthreads-l1-1-1.dllJump to dropped file
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI13162\api-ms-win-core-synch-l1-2-0.dllJump to dropped file
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI13162\_uuid.pydJump to dropped file
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI13162\api-ms-win-crt-process-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI13162\api-ms-win-core-file-l1-2-0.dllJump to dropped file
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI13162\api-ms-win-crt-locale-l1-1-0.dll
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI13162\pyexpat.pyd
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI13162\api-ms-win-crt-heap-l1-1-0.dll
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI13162\api-ms-win-core-localization-l1-2-0.dll
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI13162\api-ms-win-core-heap-l1-1-0.dll
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI13162\api-ms-win-core-processthreads-l1-1-0.dll
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI13162\python3.dll
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI13162\api-ms-win-core-string-l1-1-0.dll
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI13162\api-ms-win-core-interlocked-l1-1-0.dll
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI13162\_cffi_backend.cp310-win_amd64.pyd
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI13162\yarl\_quoting_c.cp310-win_amd64.pyd
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI13162\api-ms-win-core-rtlsupport-l1-1-0.dll
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI13162\api-ms-win-core-libraryloader-l1-1-0.dll
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI13162\api-ms-win-core-namedpipe-l1-1-0.dll
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI13162\_queue.pyd
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI13162\api-ms-win-core-synch-l1-1-0.dll
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI13162\api-ms-win-core-debug-l1-1-0.dll
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI13162\_brotli.cp310-win_amd64.pyd
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI13162\api-ms-win-crt-stdio-l1-1-0.dll
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI13162\api-ms-win-core-file-l2-1-0.dll
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI13162\_overlapped.pyd
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI13162\python310.dll
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI13162\_bz2.pyd
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI13162\api-ms-win-crt-math-l1-1-0.dll
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI13162\unicodedata.pyd
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI13162\_socket.pyd
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_0-16663
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeAPI coverage: 1.1 %
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeCode function: 0_2_00007FF6AC3B6714 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,0_2_00007FF6AC3B6714
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeCode function: 0_2_00007FF6AC3A7820 FindFirstFileExW,FindClose,0_2_00007FF6AC3A7820
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeCode function: 0_2_00007FF6AC3C09B4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF6AC3C09B4
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeCode function: 2_2_00007FF6AC3B6714 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,2_2_00007FF6AC3B6714
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeCode function: 2_2_00007FF6AC3A7820 FindFirstFileExW,FindClose,2_2_00007FF6AC3A7820
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeCode function: 2_2_00007FF6AC3B6714 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,2_2_00007FF6AC3B6714
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeCode function: 2_2_00007FF6AC3C09B4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,2_2_00007FF6AC3C09B4
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeCode function: 2_2_00007FFB0B4F0E70 FindFirstFileExW,FindClose,wcscpy_s,2_2_00007FFB0B4F0E70
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeCode function: 2_2_00007FFB0B583229 _errno,malloc,_errno,memset,MultiByteToWideChar,GetLastError,MultiByteToWideChar,MultiByteToWideChar,free,_errno,FindFirstFileW,_errno,FindNextFileW,WideCharToMultiByte,2_2_00007FFB0B583229
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeCode function: 2_2_00007FFB1BA4BA40 _Py_NoneStruct,_PyArg_ParseTuple_SizeT,GetSystemInfo,VirtualAlloc,_Py_Dealloc,PyExc_MemoryError,PyErr_SetString,_PyObject_GC_New,PyExc_NotImplementedError,PyErr_Format,Py_FatalError,PyObject_GC_Track,PyExc_SystemError,PyErr_SetString,_Py_Dealloc,_Py_Dealloc,2_2_00007FFB1BA4BA40
Source: cJ6xbAA5Rn.exe, 00000002.00000002.2807873910.000002407DD50000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWut

Anti Debugging

Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeCode function: 2_2_00007FFB0B5842412_2_00007FFB0B584241
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeCode function: 2_2_00007FFB0B58572C2_2_00007FFB0B58572C
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeCode function: 2_2_00007FFB0B584241 rdtsc 2_2_00007FFB0B584241
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeCode function: 0_2_00007FF6AC3AB69C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF6AC3AB69C
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeCode function: 0_2_00007FF6AC3C25A0 GetProcessHeap,0_2_00007FF6AC3C25A0
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeCode function: 0_2_00007FF6AC3AAE00 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00007FF6AC3AAE00
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeCode function: 0_2_00007FF6AC3AB880 SetUnhandledExceptionFilter,0_2_00007FF6AC3AB880
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeCode function: 0_2_00007FF6AC3B9AE4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF6AC3B9AE4
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeCode function: 2_2_00007FF6AC3AAE00 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FF6AC3AAE00
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeCode function: 2_2_00007FF6AC3AB69C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF6AC3AB69C
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeCode function: 2_2_00007FF6AC3AB880 SetUnhandledExceptionFilter,2_2_00007FF6AC3AB880
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeCode function: 2_2_00007FF6AC3B9AE4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF6AC3B9AE4
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeCode function: 2_2_00007FFB0B52D460 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFB0B52D460
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeCode function: 2_2_00007FFB0B585A1F IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFB0B585A1F
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeCode function: 2_2_00007FFB1BA5B808 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFB1BA5B808
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeProcess created: C:\Users\user\Desktop\cJ6xbAA5Rn.exe "C:\Users\user\Desktop\cJ6xbAA5Rn.exe"
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeCode function: 0_2_00007FF6AC3C89B0 cpuid 0_2_00007FF6AC3C89B0
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeCode function: __crtDownlevelLocaleNameToLCID,GetLocaleInfoW,2_2_00007FFB0B4E9B90
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeCode function: ___lc_locale_name_func,__crtGetLocaleInfoEx,2_2_00007FFB0B50F930
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI13162\aiohttp VolumeInformation
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI13162\websockets-12.0.dist-info VolumeInformation
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI13162\ucrtbase.dll VolumeInformation
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI13162\base_library.zip VolumeInformation
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI13162 VolumeInformation
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeQueries volume information: C:\Users\user\Desktop VolumeInformation
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeQueries volume information: C:\Users\user\Desktop\cJ6xbAA5Rn.exe VolumeInformation
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI13162\_ctypes.pyd VolumeInformation
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI13162\_socket.pyd VolumeInformation
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI13162\select.pyd VolumeInformation
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI13162\_ssl.pyd VolumeInformation
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI13162\_asyncio.pyd VolumeInformation
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeQueries volume information: C:\Users\user\Desktop\cJ6xbAA5Rn.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeQueries volume information: C:\Users\user\Desktop\cJ6xbAA5Rn.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeQueries volume information: C:\Users\user\Desktop\cJ6xbAA5Rn.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI13162 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI13162\_overlapped.pyd VolumeInformation
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI13162\_bz2.pyd VolumeInformation
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI13162\_lzma.pyd VolumeInformation
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI13162\multidict VolumeInformation
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI13162\multidict\_multidict.cp310-win_amd64.pyd VolumeInformation
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI13162\_hashlib.pyd VolumeInformation
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI13162\unicodedata.pyd VolumeInformation
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI13162\yarl VolumeInformation
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI13162\yarl\_quoting_c.cp310-win_amd64.pyd VolumeInformation
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI13162\aiohttp VolumeInformation
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI13162\aiohttp\_helpers.cp310-win_amd64.pyd VolumeInformation
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI13162\aiohttp\_http_writer.cp310-win_amd64.pyd VolumeInformation
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI13162\_brotli.cp310-win_amd64.pyd VolumeInformation
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI13162\aiohttp\_http_parser.cp310-win_amd64.pyd VolumeInformation
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI13162\aiohttp\_websocket.cp310-win_amd64.pyd VolumeInformation
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI13162\_uuid.pyd VolumeInformation
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI13162\pycares VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI13162\pycares VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI13162\pycares VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI13162\pycares\_cares.cp310-win_amd64.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI13162 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI13162\_cffi_backend.cp310-win_amd64.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeQueries volume information: C:\Users\user\Desktop\cJ6xbAA5Rn.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeQueries volume information: C:\Users\user\Desktop\cJ6xbAA5Rn.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeQueries volume information: C:\Users\user\Desktop\cJ6xbAA5Rn.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeQueries volume information: C:\Users\user\Desktop\cJ6xbAA5Rn.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeQueries volume information: C:\Users\user\Desktop\cJ6xbAA5Rn.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeQueries volume information: C:\Users\user\Desktop\cJ6xbAA5Rn.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeQueries volume information: C:\Users\user\Desktop\cJ6xbAA5Rn.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeQueries volume information: C:\Users\user\Desktop\cJ6xbAA5Rn.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI13162\frozenlist VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI13162\frozenlist VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI13162\frozenlist VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI13162\frozenlist\_frozenlist.cp310-win_amd64.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeQueries volume information: C:\Users\user\Desktop\cJ6xbAA5Rn.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeQueries volume information: C:\Users\user\Desktop\cJ6xbAA5Rn.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI13162 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeQueries volume information: C:\Users\user\Desktop\cJ6xbAA5Rn.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeQueries volume information: C:\Users\user\Desktop\cJ6xbAA5Rn.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeQueries volume information: C:\Users\user\Desktop\cJ6xbAA5Rn.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeQueries volume information: C:\Users\user\Desktop\cJ6xbAA5Rn.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeQueries volume information: C:\Users\user\Desktop\cJ6xbAA5Rn.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeQueries volume information: C:\Users\user\Desktop\cJ6xbAA5Rn.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeQueries volume information: C:\Users\user\Desktop\cJ6xbAA5Rn.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeQueries volume information: C:\Users\user\Desktop\cJ6xbAA5Rn.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeQueries volume information: C:\Users\user\Desktop\cJ6xbAA5Rn.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeQueries volume information: C:\Users\user\Desktop\cJ6xbAA5Rn.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeQueries volume information: C:\Users\user\Desktop\cJ6xbAA5Rn.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeQueries volume information: C:\Users\user\Desktop\cJ6xbAA5Rn.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeQueries volume information: C:\Users\user\Desktop\cJ6xbAA5Rn.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeQueries volume information: C:\Users\user\Desktop\cJ6xbAA5Rn.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeQueries volume information: C:\Users\user\Desktop\cJ6xbAA5Rn.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeQueries volume information: C:\Users\user\Desktop\cJ6xbAA5Rn.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeQueries volume information: C:\Users\user\Desktop\cJ6xbAA5Rn.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI13162 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI13162\_queue.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI13162\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI13162\websockets VolumeInformation
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI13162\websockets\speedups.cp310-win_amd64.pyd VolumeInformation
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exe Code function: 0_2_00007FF6AC3AB580 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_00007FF6AC3AB580
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exe Code function: 0_2_00007FF6AC3C4E20 _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,0_2_00007FF6AC3C4E20
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: C:\Users\user\Desktop\cJ6xbAA5Rn.exe Code function: 2_2_00007FFB0B582B5D bind,WSAGetLastError,2_2_00007FFB0B582B5D
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Command and Scripting Interpreter | 1 DLL Side-Loading | 11 Process Injection | 11 Process Injection | OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Web Service | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | 1 Native API | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 31 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 2 Obfuscated Files or Information | Security Account Manager | 1 System Network Configuration Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 11 Non-Standard Port | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Timestomp | NTDS | 1 File and Directory Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 35 System Information Discovery | SSH | Keylogging | 2 Non-Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | Steganography | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | 3 Application Layer Protocol | Data Transfer Size Limits | Service Stop
Source | Detection | Scanner | Label | Link
cJ6xbAA5Rn.exe | 18% | ReversingLabs | |
Source | Detection | Scanner | Label | Link
C:\Users\user\AppData\Local\Temp\_MEI13162\MSVCP140.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI13162\VCRUNTIME140.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI13162\VCRUNTIME140_1.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI13162\_asyncio.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI13162\_brotli.cp310-win_amd64.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI13162\_bz2.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI13162\_cffi_backend.cp310-win_amd64.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI13162\_ctypes.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI13162\_decimal.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI13162\_hashlib.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI13162\_lzma.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI13162\_multiprocessing.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI13162\_overlapped.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI13162\_queue.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI13162\_socket.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI13162\_ssl.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI13162\_uuid.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI13162\aiohttp\_helpers.cp310-win_amd64.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI13162\aiohttp\_http_parser.cp310-win_amd64.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI13162\aiohttp\_http_writer.cp310-win_amd64.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI13162\aiohttp\_websocket.cp310-win_amd64.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI13162\api-ms-win-core-console-l1-1-0.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI13162\api-ms-win-core-datetime-l1-1-0.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI13162\api-ms-win-core-debug-l1-1-0.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI13162\api-ms-win-core-errorhandling-l1-1-0.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI13162\api-ms-win-core-file-l1-1-0.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI13162\api-ms-win-core-file-l1-2-0.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI13162\api-ms-win-core-file-l2-1-0.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI13162\api-ms-win-core-handle-l1-1-0.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI13162\api-ms-win-core-heap-l1-1-0.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI13162\api-ms-win-core-interlocked-l1-1-0.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI13162\api-ms-win-core-libraryloader-l1-1-0.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI13162\api-ms-win-core-localization-l1-2-0.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI13162\api-ms-win-core-memory-l1-1-0.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI13162\api-ms-win-core-namedpipe-l1-1-0.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI13162\api-ms-win-core-processenvironment-l1-1-0.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI13162\api-ms-win-core-processthreads-l1-1-0.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI13162\api-ms-win-core-processthreads-l1-1-1.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI13162\api-ms-win-core-profile-l1-1-0.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI13162\api-ms-win-core-rtlsupport-l1-1-0.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI13162\api-ms-win-core-string-l1-1-0.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI13162\api-ms-win-core-synch-l1-1-0.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI13162\api-ms-win-core-synch-l1-2-0.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI13162\api-ms-win-core-sysinfo-l1-1-0.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI13162\api-ms-win-core-timezone-l1-1-0.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI13162\api-ms-win-core-util-l1-1-0.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI13162\api-ms-win-crt-conio-l1-1-0.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI13162\api-ms-win-crt-convert-l1-1-0.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI13162\api-ms-win-crt-environment-l1-1-0.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI13162\api-ms-win-crt-filesystem-l1-1-0.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI13162\api-ms-win-crt-heap-l1-1-0.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI13162\api-ms-win-crt-locale-l1-1-0.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI13162\api-ms-win-crt-math-l1-1-0.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI13162\api-ms-win-crt-process-l1-1-0.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI13162\api-ms-win-crt-runtime-l1-1-0.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI13162\api-ms-win-crt-stdio-l1-1-0.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI13162\api-ms-win-crt-string-l1-1-0.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI13162\api-ms-win-crt-time-l1-1-0.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI13162\api-ms-win-crt-utility-l1-1-0.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI13162\frozenlist\_frozenlist.cp310-win_amd64.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI13162\libcrypto-1_1.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI13162\libffi-7.dll | 0% | ReversingLabs | |
No Antivirus matches
No Antivirus matches
Source | Detection | Scanner | Label | Link
https://sanicframework.org/en/ | 0% | Avira URL Cloud | safe |
https://bestpractices.coreinfrastructure.org/projects/6475 | 0% | Avira URL Cloud | safe |
https://bestpractices.coreinfrastructure.org/projects/6475/badge | 0% | Avira URL Cloud | safe |
https://zopeinterface.readthedocs.io/en/latest/ | 0% | Avira URL Cloud | safe |
https://websockets.readthedocs.io/en/stable/intro/index.html | 0% | Avira URL Cloud | safe |
http://json.org | 0% | Avira URL Cloud | safe |
https://websockets.readthedocs.io/ | 0% | Avira URL Cloud | safe |
https://docs.aiohttp.org/en/stable/client_advanced.html#proxy-support | 0% | Avira URL Cloud | safe |
http://httpbin.org/post | 0% | Avira URL Cloud | safe |
https://vorpus.org/blog/some-thoughts-on-asynchronous-api-design-in-a-post-asyncawait-world/#websock | 0% | Avira URL Cloud | safe |
http://64.23.128.101:8767/ | 0% | Avira URL Cloud | safe |
https://tidelift.com/subscription/pkg/pypi-websockets?utm_source=pypi-websockets&utm_medium=referral | 0% | Avira URL Cloud | safe |
https://bugs.python.org/issue37179 | 0% | Avira URL Cloud | safe |
https://www.attrs.org/ | 0% | Avira URL Cloud | safe |
https://websockets.readthedocs.io/en/stable/project/changelog.html | 0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation
bg.microsoft.map.fastly.net | 199.232.210.172 | true | false | | high
s-part-0033.t-0009.t-msedge.net | 13.107.246.61 | true | false | | unknown
ip-api.com | 208.95.112.1 | true | false | | high
pastebin.com | 172.67.19.24 | true | false | | high
time.windows.com | unknown | unknown | false | | high

Name | Malicious | Antivirus Detection | Reputation
https://pastebin.com/raw/D2WBNJMD | false | | high
http://ip-api.com/json/ | false | | high
http://64.23.128.101:8767/ | false | Avira URL Cloud: safe | unknown

Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                                                  https://www.rfc-editor.org/rfc/rfc6455.html#section-5.6cJ6xbAA5Rn.exe, 00000002.00000002.2808368042.000002407E507000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    https://www.rfc-editor.org/rfc/rfc6455.html#section-5.4cJ6xbAA5Rn.exe, 00000002.00000002.2808368042.000002407E5AC000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000002.00000002.2808368042.000002407E57B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      https://www.python.org/dev/peps/pep-0205/cJ6xbAA5Rn.exe, 00000000.00000003.1579784140.00000215B2159000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000002.00000002.2808046243.000002407DF50000.00000004.00001000.00020000.00000000.sdmp, base_library.zip.0.drfalse
                                                                                                                        high
                                                                                                                        http://ip-api.com/json/oppcJ6xbAA5Rn.exe, 00000002.00000002.2808046243.000002407DF50000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          https://github.com/python-attrs/attrs/issues/428cJ6xbAA5Rn.exe, 00000002.00000003.1592342539.000002407DF05000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000002.00000002.2807873910.000002407DE9D000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000002.00000003.1592794821.000002407DECC000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000002.00000003.1592342539.000002407DEF5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            https://wiki.python.org/moin/DunderAliascJ6xbAA5Rn.exe, 00000002.00000003.1592342539.000002407DF05000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000002.00000002.2807873910.000002407DE9D000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000002.00000003.1592794821.000002407DECC000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000002.00000003.1592342539.000002407DEF5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              https://github.com/python/cpython/pull/28073cJ6xbAA5Rn.exe, 00000002.00000002.2808046243.000002407DF50000.00000004.00001000.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000002.00000002.2807873910.000002407DF16000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_sycJ6xbAA5Rn.exe, 00000002.00000003.1593316917.000002407DAFB000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000002.00000003.1590486889.000002407DB0E000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000002.00000003.1587716956.000002407BC20000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000002.00000003.1592272563.000002407DAB4000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000002.00000002.2807327854.000002407BB78000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000002.00000003.1592651914.000002407DAFB000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000002.00000002.2807697786.000002407DACC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  https://websockets.readthedocs.io/en/stable/intro/index.htmlcJ6xbAA5Rn.exe, 00000000.00000003.1580259493.00000215B2159000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
                                                                                                                                  • Avira URL Cloud: safe
                                                                                                                                  unknown
                                                                                                                                  https://github.com/python-websockets/websockets/issuescJ6xbAA5Rn.exe, 00000000.00000003.1580259493.00000215B2159000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
                                                                                                                                    high
                                                                                                                                    https://developer.mozilla.org/en-US/docs/Web/API/WebSockets_APIcJ6xbAA5Rn.exe, 00000000.00000003.1580259493.00000215B2159000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
                                                                                                                                      high
                                                                                                                                      https://github.com/python-websockets/websockets/blob/main/LICENSEcJ6xbAA5Rn.exe, 00000000.00000003.1580259493.00000215B2159000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
                                                                                                                                        high
                                                                                                                                        http://docs.python.org/3/library/subprocess#subprocess.Popen.terminatecJ6xbAA5Rn.exe, 00000002.00000003.1591466828.000002407DE53000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000002.00000002.2807538438.000002407D79C000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          https://www.rfc-editor.org/rfc/rfc6455.html#section-5.5.2cJ6xbAA5Rn.exe, 00000002.00000002.2808368042.000002407E5AC000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000002.00000002.2808368042.000002407E57B000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000002.00000002.2808368042.000002407E507000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            https://www.rfc-editor.org/rfc/rfc6455.html#section-5.5.3cJ6xbAA5Rn.exe, 00000002.00000002.2808368042.000002407E507000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              https://websockets.readthedocs.io/METADATA.0.drfalse
                                                                                                                                              • Avira URL Cloud: safe
                                                                                                                                              unknown
                                                                                                                                              https://vorpus.org/blog/some-thoughts-on-asynchronous-api-design-in-a-post-asyncawait-world/#websockcJ6xbAA5Rn.exe, 00000000.00000003.1580259493.00000215B2159000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
                                                                                                                                              • Avira URL Cloud: safe
                                                                                                                                              unknown
                                                                                                                                              https://pastebin.com/raw/D2WBNJMD5rn.execJ6xbAA5Rn.exe, 00000002.00000002.2808046243.000002407DF50000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                https://tidelift.com/subscription/pkg/pypi-websockets?utm_source=pypi-websockets&utm_medium=referralcJ6xbAA5Rn.exe, 00000000.00000003.1580259493.00000215B2159000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
                                                                                                                                                • Avira URL Cloud: safe
                                                                                                                                                unknown
                                                                                                                                                https://cffi.readthedocs.io/en/latest/using.html#callbackscJ6xbAA5Rn.exe, cJ6xbAA5Rn.exe, 00000002.00000002.2812770842.00007FFB1BA5C000.00000002.00000001.01000000.00000020.sdmp, _cffi_backend.cp310-win_amd64.pyd.0.drfalse
                                                                                                                                                  high
                                                                                                                                                  https://github.com/python-websockets/websocketscJ6xbAA5Rn.exe, 00000000.00000003.1580259493.00000215B2159000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
                                                                                                                                                    high
                                                                                                                                                    https://websockets.readthedocs.io/en/stable/project/changelog.htmlcJ6xbAA5Rn.exe, 00000000.00000003.1580259493.00000215B2159000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
                                                                                                                                                    • Avira URL Cloud: safe
                                                                                                                                                    unknown
                                                                                                                                                    https://www.openssl.org/HcJ6xbAA5Rn.exe, 00000000.00000003.1575673517.00000215B2159000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000002.00000002.2816846471.00007FFB1DF1B000.00000002.00000001.01000000.0000000E.sdmp, cJ6xbAA5Rn.exe, 00000002.00000002.2810278403.00007FFB0B8C6000.00000002.00000001.01000000.0000000D.sdmp, libssl-1_1.dll.0.drfalse
                                                                                                                                                      high
                                                                                                                                                      https://bugs.python.org/issue37179cJ6xbAA5Rn.exe, 00000002.00000002.2808046243.000002407DF50000.00000004.00001000.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000002.00000002.2807873910.000002407DF16000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                      • Avira URL Cloud: safe
                                                                                                                                                      unknown
                                                                                                                                                      https://packaging.python.org/specifications/entry-points/cJ6xbAA5Rn.exe, 00000002.00000002.2807787719.000002407DC50000.00000004.00001000.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000002.00000002.2808368042.000002407E499000.00000004.00000020.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000002.00000002.2808885324.000002407E9D0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.pycJ6xbAA5Rn.exe, 00000002.00000002.2807697786.000002407DACC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          https://github.com/saghul/aiodns/issues/86cJ6xbAA5Rn.exe, 00000002.00000002.2808885324.000002407E9D0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            https://www.attrs.org/cJ6xbAA5Rn.exe, 00000002.00000002.2808684159.000002407E7B0000.00000004.00001000.00020000.00000000.sdmp, cJ6xbAA5Rn.exe, 00000002.00000002.2808279928.000002407E270000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                            • Avira URL Cloud: safe
                                                                                                                                                            unknown
                                                                                                                                                            • No. of IPs < 25%
                                                                                                                                                            • 25% < No. of IPs < 50%
                                                                                                                                                            • 50% < No. of IPs < 75%
                                                                                                                                                            • 75% < No. of IPs
IP | Domain | Country | ASN | ASN Name | Malicious
208.95.112.1 | ip-api.com | United States | 53334 | TUT-ASUS | false
64.23.128.101 | unknown | United States | 3064 | AFFINITY-FTLUS | false
172.67.19.24 | pastebin.com | United States | 13335 | CLOUDFLARENETUS | false

IP
127.0.0.1

Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1570255
Start date and time: 2024-12-06 17:39:18 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 9m 2s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 8
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: cJ6xbAA5Rn.exe (renamed because original name is a hash value)
Original Sample Name: fc194128c1f7b9b1e338464b0861606b.exe
Detection: MAL
Classification: mal68.troj.evad.winEXE@6/80@3/4
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 90%
• Number of executed functions: 57
• Number of non-executed functions: 288
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, conhost.exe
• Excluded IPs from analysis (whitelisted): 20.190.177.23, 20.190.147.11, 20.190.177.84, 20.190.147.9, 20.190.177.21, 20.190.177.146, 20.190.147.2, 20.190.147.3, 20.101.57.9, 20.42.73.29
• Excluded domains from analysis (whitelisted): prdv4a.aadg.msidentity.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, otelrules.azureedge.net, www.tm.v4.a.prd.aadg.akadns.net, twc.trafficmanager.net, otelrules.afd.azureedge.net, ctldl.windowsupdate.com, dns.msftncsi.com, login.msa.msidentity.com, fe3cr.delivery.mp.microsoft.com, login.live.com, blobcollector.events.data.trafficmanager.net, onedsblobprdeus15.eastus.cloudapp.azure.com, azureedge-t-prod.trafficmanager.net, umwatson.events.data.microsoft.com, wu-b-net.trafficmanager.net, www.tm.lg.prod.aadmsa.trafficmanager.net
• Not all processes where analyzed, report is missing behavior information
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtQueryVolumeInformationFile calls found.
• VT rate limit hit for: cJ6xbAA5Rn.exe

No simulations

Match | Associated Sample Name / URL | Detection | Threat Name | Context
208.95.112.1 | 5eAjHgPxj2.exe | malicious | Discord Token Stealer, Millenuim RAT | ip-api.com/json/
 | e2mzbWePHw.exe | malicious | Discord Token Stealer, Millenuim RAT | ip-api.com/json/
 | Transferencia de pago.xlam.xlsx | malicious | AgentTesla | ip-api.com/line/?fields=hosting
 | file.exe | malicious | PureLog Stealer, XWorm | ip-api.com/line/?fields=hosting
 | Cooperative Agreement0000800380.docx.exe | malicious | Babadeda, Blank Grabber | ip-api.com/json/?fields=225545
 | 93z4kPX7B6.exe | malicious | AgentTesla, PureLog Stealer, zgRAT | ip-api.com/line/?fields=hosting
 | https___files.catbox.moe_l2rczc.pif.exe | malicious | Unknown | ip-api.com/json/?fields=225545
 | LxgGXCC4AL.exe | malicious | XWorm | ip-api.com/line/?fields=hosting
 | LMm6yxQtcf.exe | malicious | PureLog Stealer, zgRAT | ip-api.com/json/
 | aZPQ3mKZSa.exe | malicious | AgentTesla | ip-api.com/line/?fields=hosting
                                                                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                            s-part-0033.t-0009.t-msedge.netLEmJJ87mUQ.exeGet hashmaliciousLokibotBrowse
                                                                                                                                                            • 13.107.246.61
                                                                                                                                                            https://aka.ms/LearnAboutSenderIdentificationGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                            • 13.107.246.61
                                                                                                                                                            http://nxejt.polluxcastor.topGet hashmaliciousUnknownBrowse
                                                                                                                                                            • 13.107.246.61
                                                                                                                                                            https://mzvdazkxhcgohr.azureedge.net/7766j/?fbclid=IwY2xjawEYc-5leHRuA2FlbQEwAAEdG07X18DGPEURgpfyaSZY6plE3zyyIkcG5kokds9mnvD6i-BtmiU_lzIp_aem_ff88HnOUTFQFLZ993tisVw#Get hashmaliciousUnknownBrowse
                                                                                                                                                            • 13.107.246.61
                                                                                                                                                            https://www.imca-int.com/safety-events/loss-of-pressure-to-divers-primary-air-supply/#msdynttrid=gm4lm4Er39QjZQgkKZVlOHSa50W_Z4pWVjSg4GGAJjQGet hashmaliciousUnknownBrowse
                                                                                                                                                            • 13.107.246.61
                                                                                                                                                            https://4smgswwi.r.us-west-2.awstrack.me/L0/https:%2F%2Fm.exactag.com%2Fai.aspx%3Ftc=d9917688bc40b07205bbd26a23a8d2e6b6b4f9%26url=%2568%2574%2574%2570%2525%2533%2541primmacy.com%252Fwinner%252F77663%252F%252FYmVja3kuYmFyY2tsZXlAY2xlYXJ3YXRlcnBhcGVyLmNvbQ==/1/0101019079f53360-ad062f3a-6c08-4c14-8569-269fb9f20297-000000/mkI5299-kBX9yyfDwVrQlybi5Wk=382Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                            • 13.107.246.61
                                                                                                                                                            umcu.org.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                            • 13.107.246.61
                                                                                                                                                            ip-api.com5eAjHgPxj2.exeGet hashmaliciousDiscord Token Stealer, Millenuim RATBrowse
                                                                                                                                                            • 208.95.112.1
                                                                                                                                                            e2mzbWePHw.exeGet hashmaliciousDiscord Token Stealer, Millenuim RATBrowse
                                                                                                                                                            • 208.95.112.1
                                                                                                                                                            Transferencia de pago.xlam.xlsxGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                            • 208.95.112.1
                                                                                                                                                            file.exeGet hashmaliciousPureLog Stealer, XWormBrowse
                                                                                                                                                            • 208.95.112.1
                                                                                                                                                            Cooperative Agreement0000800380.docx.exeGet hashmaliciousBabadeda, Blank GrabberBrowse
                                                                                                                                                            • 208.95.112.1
                                                                                                                                                            93z4kPX7B6.exeGet hashmaliciousAgentTesla, PureLog Stealer, zgRATBrowse
                                                                                                                                                            • 208.95.112.1
                                                                                                                                                            https___files.catbox.moe_l2rczc.pif.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                            • 208.95.112.1
                                                                                                                                                            LxgGXCC4AL.exeGet hashmaliciousXWormBrowse
                                                                                                                                                            • 208.95.112.1
                                                                                                                                                            LMm6yxQtcf.exeGet hashmaliciousPureLog Stealer, zgRATBrowse
                                                                                                                                                            • 208.95.112.1
                                                                                                                                                            aZPQ3mKZSa.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                            • 208.95.112.1
                                                                                                                                                            bg.microsoft.map.fastly.netvUlh7stUHJ.exeGet hashmaliciousXWormBrowse
                                                                                                                                                            • 199.232.214.172
                                                                                                                                                            lg1wwLsmCX.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                            • 199.232.214.172
                                                                                                                                                            file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                            • 199.232.210.172
                                                                                                                                                            lg1wwLsmCX.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                            • 199.232.210.172
                                                                                                                                                            IFhqcKaIol.lnkGet hashmaliciousUnknownBrowse
                                                                                                                                                            • 199.232.214.172
                                                                                                                                                            17334905466c073176eadfc4a4d1af620c5aa97d12d1156570ede93d276f9fa6d51fffb6c5778.dat-decoded.exeGet hashmaliciousAsyncRATBrowse
                                                                                                                                                            • 199.232.210.172
                                                                                                                                                            phish_alert_sp2_2.0.0.0.emlGet hashmaliciousUnknownBrowse
                                                                                                                                                            • 199.232.210.172
                                                                                                                                                            1733479268d0423578683b481c87d2b90a74213612e8837faf7f066c8e81ec92f9b2658c65965.dat-decoded.exeGet hashmaliciousAsyncRAT, VenomRATBrowse
                                                                                                                                                            • 199.232.210.172
                                                                                                                                                            1733479274b6398afce8a86557af12b8f232b1cc4638f7df1d6de31554c2e013c23277a5b9785.dat-decoded.exeGet hashmaliciousPureCrypterBrowse
                                                                                                                                                            • 199.232.214.172
                                                                                                                                                            mjf2ERXdI5.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                            • 199.232.210.172
                                                                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                            CLOUDFLARENETUSDEKONTU.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                                                            • 188.114.96.6
                                                                                                                                                            dekontu.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                                                            • 188.114.97.6
                                                                                                                                                            QUOTATION_DECQTRA071244PDF.scr.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                                                            • 188.114.96.6
                                                                                                                                                            DHL_734825510.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                            • 104.21.90.137
                                                                                                                                                            QUOTATION_DECQTRA071244 PDF.scr.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                                                            • 188.114.97.6
                                                                                                                                                            Shipping Documents 72908672134.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                            • 104.26.13.205
                                                                                                                                                            MOV-3912968547-(Cstolfi)MMS028.mp4.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                            • 104.17.25.14
                                                                                                                                                            https://app.droplet.io/form/K47rYNGet hashmaliciousUnknownBrowse
                                                                                                                                                            • 104.22.59.181
                                                                                                                                                            IO7R6LIL3OH.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                            • 104.21.6.203
                                                                                                                                                            https://shorturl.at/yWYYs?US=1583v79iGet hashmaliciousUnknownBrowse
                                                                                                                                                            • 104.26.9.129
                                                                                                                                                            TUT-ASUS5eAjHgPxj2.exeGet hashmaliciousDiscord Token Stealer, Millenuim RATBrowse
                                                                                                                                                            • 208.95.112.1
                                                                                                                                                            e2mzbWePHw.exeGet hashmaliciousDiscord Token Stealer, Millenuim RATBrowse
                                                                                                                                                            • 208.95.112.1
                                                                                                                                                            Transferencia de pago.xlam.xlsxGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                            • 208.95.112.1
                                                                                                                                                            file.exeGet hashmaliciousPureLog Stealer, XWormBrowse
                                                                                                                                                            • 208.95.112.1
                                                                                                                                                            Cooperative Agreement0000800380.docx.exeGet hashmaliciousBabadeda, Blank GrabberBrowse
                                                                                                                                                            • 208.95.112.1
                                                                                                                                                            93z4kPX7B6.exeGet hashmaliciousAgentTesla, PureLog Stealer, zgRATBrowse
                                                                                                                                                            • 208.95.112.1
                                                                                                                                                            https___files.catbox.moe_l2rczc.pif.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                            • 208.95.112.1
                                                                                                                                                            LxgGXCC4AL.exeGet hashmaliciousXWormBrowse
                                                                                                                                                            • 208.95.112.1
                                                                                                                                                            LMm6yxQtcf.exeGet hashmaliciousPureLog Stealer, zgRATBrowse
                                                                                                                                                            • 208.95.112.1
                                                                                                                                                            aZPQ3mKZSa.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                            • 208.95.112.1
                                                                                                                                                            AFFINITY-FTLUSjew.m68k.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                            • 207.36.247.179
                                                                                                                                                            main_x86.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                            • 64.159.94.68
                                                                                                                                                            la.bot.arm5.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                            • 64.23.186.29
                                                                                                                                                            sparc.nn.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                                                                                            • 207.36.200.181
                                                                                                                                                            http://ahcli.comcastbiz.netGet hashmaliciousUnknownBrowse
                                                                                                                                                            • 64.71.35.43
                                                                                                                                                            https://linklock.titanhq.com/analyse?url=https%3A%2F%2Fmyarrowleaf1-my.sharepoint.com%2F%3Af%3A%2Fg%2Fpersonal%2Fmarge_penrod_myarrowleaf_org%2FElQV40bjfBZKivPSKIPxGuYBa20TAVuQG9ya4YrQRKjHiQ%3Fe%3D7nML8f&data=eJxVzctugzAQBdCvMbtGBqOkWXhBlOYhUiW0VaR0gyZgGyL80Ng05e8L6aaVZlZz7p2Kz5PlPI1BxBQqFtW8qkF14P2ssjrSfEEPxukjHONsHXlusRboSUrN_aG0VA-IPFyxVU0QOB7_dfS8CcF5wjKSbMbRAyDaeydAxk96mPkGUDjbmjDxybBM_mo1rhv_WQPdlARUonTCoK3LPzWlxUm-dMU5pdebXH3m7dfpPd-fvrf9ZQUJ_cjOfbFdDpBesHjLb7u2IGwjCFsvzOvhWf4A0NhYxQ%25%25Get hashmaliciousUnknownBrowse
                                                                                                                                                            • 64.23.155.205
                                                                                                                                                            mpsl.elfGet hashmaliciousMirai, GafgytBrowse
                                                                                                                                                            • 64.157.152.218
                                                                                                                                                            arm7.elfGet hashmaliciousMirai, GafgytBrowse
                                                                                                                                                            • 64.157.89.246
                                                                                                                                                            la.bot.sparc.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                            • 216.110.188.206
                                                                                                                                                            la.bot.mipsel.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                            • 207.234.244.218
                                                                                                                                                            No context
Match: C:\Users\user\AppData\Local\Temp\_MEI13162\VCRUNTIME140.dll
Associated samples:
• Sample: main.exe, Detection: malicious, Threat Name: Unknown
• Sample: 8FloezlGW7.exe, Detection: malicious, Threat Name: Python Stealer, Blank Grabber
• Sample: DeepLSetup.msi, Detection: malicious, Threat Name: Unknown
• Sample: file.exe, Detection: malicious, Threat Name: Unknown
• Sample: MicrosoftPrt.exe.exe, Detection: malicious, Threat Name: Unknown
• Sample: BkTwXj17DH.exe, Detection: malicious, Threat Name: Unknown
• Sample: TVr2Z822J3.exe, Detection: malicious, Threat Name: Unknown
• Sample: Rechnung_2024_0091.pdf.lnk, Detection: malicious, Threat Name: Unknown
• Sample: MicrosoftPrt.exe.exe, Detection: malicious, Threat Name: Unknown
• Sample: MicrosoftPrt.exe, Detection: malicious, Threat Name: Unknown
                                                                                                                                                                                Process:C:\Users\user\Desktop\cJ6xbAA5Rn.exe
                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):621480
                                                                                                                                                                                Entropy (8bit):6.3389749775129856
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12288:XO93oUW7jh6DN0RUhsduQjqDZ6X/t5mTOKGmJ7DseBiltBMQEKZm+jWodEEVoFr:S3oUW7jh6DN0RUhsduQjqDZ6X/t5mTOe
                                                                                                                                                                                MD5:B649614CA00D57A5571BB524DC20AD96
                                                                                                                                                                                SHA1:0E1998E87375794776AA732F428672D912CDD521
                                                                                                                                                                                SHA-256:C8F1FD703F67C2B39C9175DDE34FEF37BD3E31AB68F57DE1F12A01A31AC6FAE4
                                                                                                                                                                                SHA-512:0288B3E5FDB9DDACF9746B8B4B7E8E0462C8981635660690DCF8B79DEE5978EC240A37224F7E57B9753E9BC24E84A12A0D4279B0571402BE4D1497AE47DD1F27
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Antivirus:
                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                Reputation:low
                                                                                                                                                                                Process:C:\Users\user\Desktop\cJ6xbAA5Rn.exe
                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):98736
                                                                                                                                                                                Entropy (8bit):6.474996871326343
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:1536:BxhUQePlHhR46rXHHGI+mAAD4AeDuXMycecb8i10DWZz:Bvk4wHH+mZD4ADAecb8G1
                                                                                                                                                                                MD5:F12681A472B9DD04A812E16096514974
                                                                                                                                                                                SHA1:6FD102EB3E0B0E6EEF08118D71F28702D1A9067C
                                                                                                                                                                                SHA-256:D66C3B47091CEB3F8D3CC165A43D285AE919211A0C0FCB74491EE574D8D464F8
                                                                                                                                                                                SHA-512:7D3ACCBF84DE73FB0C5C0DE812A9ED600D39CD7ED0F99527CA86A57CE63F48765A370E913E3A46FFC2CCD48EE07D823DAFDD157710EEF9E7CC1EB7505DC323A2
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Antivirus:
                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                Joe Sandbox View:
• Filename: main.exe, Detection: malicious
• Filename: 8FloezlGW7.exe, Detection: malicious
• Filename: DeepLSetup.msi, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: MicrosoftPrt.exe.exe, Detection: malicious
• Filename: BkTwXj17DH.exe, Detection: malicious
• Filename: TVr2Z822J3.exe, Detection: malicious
• Filename: Rechnung_2024_0091.pdf.lnk, Detection: malicious
• Filename: MicrosoftPrt.exe.exe, Detection: malicious
• Filename: MicrosoftPrt.exe, Detection: malicious
                                                                                                                                                                                Reputation:moderate, very likely benign file
                                                                                                                                                                                Process:C:\Users\user\Desktop\cJ6xbAA5Rn.exe
                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):38304
                                                                                                                                                                                Entropy (8bit):6.3923853431578035
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:768:Xhh4pTUUtmUwqiu8oSRjez6SD7GkxZYj/9zLUr:xJ9x70GkxuZz2
                                                                                                                                                                                MD5:75E78E4BF561031D39F86143753400FF
                                                                                                                                                                                SHA1:324C2A99E39F8992459495182677E91656A05206
                                                                                                                                                                                SHA-256:1758085A61527B427C4380F0C976D29A8BEE889F2AC480C356A3F166433BF70E
                                                                                                                                                                                SHA-512:CE4DAF46BCE44A89D21308C63E2DE8B757A23BE2630360209C4A25EB13F1F66A04FBB0A124761A33BBF34496F2F2A02B8DF159B4B62F1B6241E1DBFB0E5D9756
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Antivirus:
                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                Reputation:moderate, very likely benign file
                                                                                                                                                                                Process:C:\Users\user\Desktop\cJ6xbAA5Rn.exe
                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):64384
                                                                                                                                                                                Entropy (8bit):6.124222036766225
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:1536:Avp7Wh7XUKgOr8R4CjavFHx8FI15nvQ7Syv9h:AvtWhzUKF8R4Cjahx8FI15noHh
                                                                                                                                                                                MD5:B988A4DE700D7016B472534990FB91C7
                                                                                                                                                                                SHA1:D53A24F4BC5CC26A1FF04292E0935B0E2AEFAD61
                                                                                                                                                                                SHA-256:91D9BF73B360BA801BA595E90DBFF182EF9C682331E2D39D210999A63D4BDE54
                                                                                                                                                                                SHA-512:BEA0C0CAF2D8B58AA8D066F9E475938A94320E027656D48114E988C96955D7EAAD73442290FDC0FF4034484CDA53A8A2A38075B667305750AF3EB4ECB4C83904
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Antivirus:
                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                Reputation:moderate, very likely benign file
                                                                                                                                                                                Process:C:\Users\user\Desktop\cJ6xbAA5Rn.exe
                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):881664
                                                                                                                                                                                Entropy (8bit):6.130666431053556
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12288:XCJ+rcI2+Lf+G8vi2onrhZFQMd65Tx8Y4AHhly08bXTw05nmZfRR:XCJ0cI2+Oi209Q+674AkgAmZfRR
                                                                                                                                                                                MD5:6D44FD95C62C6415999EBC01AF40574B
                                                                                                                                                                                SHA1:A5AEE5E107D883D1490257C9702913C12B49B22A
                                                                                                                                                                                SHA-256:58BACB135729A70102356C2D110651F1735BF40A602858941E13BDEABFACAB4A
                                                                                                                                                                                SHA-512:59B6C07079F979AD4A27EC394EAB3FDD2D2D15D106544246FE38F4EB1C9E12672F11D4A8EFB5A2A508690CE2677EDFAC85EB793E2F6A5F8781B258C421119FF3
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Antivirus:
                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                Process:C:\Users\user\Desktop\cJ6xbAA5Rn.exe
                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):83328
                                                                                                                                                                                Entropy (8bit):6.531771207241935
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:1536:U4xz7q1pfcaq90kt86L9RP0Z0i8mjeVttI1tVQ7SyoV0:DxzGcLLHy0Vmj2tI1tVQGV0
                                                                                                                                                                                MD5:183F1289E094220FBB2841918798598F
                                                                                                                                                                                SHA1:E85072E38AB8ED17C13DD4C65DCF20EF8182672B
                                                                                                                                                                                SHA-256:164F1BF42630B589B50C8F0C6E55AAA8D817E439A00882BE036FFF3CBE8E6DED
                                                                                                                                                                                SHA-512:A0A5536709B0701C10B91AB1C670DE80163689BD95168EA5DC5EBC11B20D84DA4C639495779D0317659D6B1CE037DAF34764F78759B3F0D785E33B52FA94FFAD
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Antivirus:
                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                Process:C:\Users\user\Desktop\cJ6xbAA5Rn.exe
                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):181248
                                                                                                                                                                                Entropy (8bit):6.191174351377468
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3072:fp5LZ3sgWSqjfy8dBbm/6WnUsHozssS7piSTLkKyS7TlSyQH:fptZ8gW9jrBbQnfIzLIiSTLLymlSy
                                                                                                                                                                                MD5:6F1B90884343F717C5DC14F94EF5ACEA
                                                                                                                                                                                SHA1:CCA1A4DCF7A32BF698E75D58C5F130FB3572E423
                                                                                                                                                                                SHA-256:2093E7E4F5359B38F0819BDEF8314FDA332A1427F22E09AFC416E1EDD5910FE1
                                                                                                                                                                                SHA-512:E2C673B75162D3432BAB497BAD3F5F15A9571910D25F1DFFB655755C74457AC78E5311BD5B38D29A91AEC4D3EF883AE5C062B9A3255B5800145EB997863A7D73
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Antivirus:
                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                Process:C:\Users\user\Desktop\cJ6xbAA5Rn.exe
                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):122752
                                                                                                                                                                                Entropy (8bit):6.022128701097231
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3072:DQxtbmWe9Ye3ehG+2Et7MqfrSB08EficBI1QPsR7Q:DQxKOhGBEtgqfrSpEfic3
                                                                                                                                                                                MD5:9872A3AEEE09CF796A1190B610CF0A54
                                                                                                                                                                                SHA1:9D9EABA3946F4EA8B26E952586C01B9BD8395693
                                                                                                                                                                                SHA-256:147B080CEB8DFD6DF865570ADDBA3864659ADEF4B85A20B750F3CA6735C4BF1B
                                                                                                                                                                                SHA-512:B49503E5DB34C0A6F5DBF9AEE215C55F4C5D82CB0906E37A78252D13D9C3CE9673EBDA026BE3B801D6C1D1D4A070AD2A9FAB5C9051C9586651AD363A0B469C3F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Antivirus:
                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                Process:C:\Users\user\Desktop\cJ6xbAA5Rn.exe
                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):250240
                                                                                                                                                                                Entropy (8bit):6.544772823266795
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:6144:1x8MAGUyuqHq+kVDTykdBIBm3ckL9qWMa3pLW1Ae4ZZ:jBUwHqrD/BIBFm9ZZ
                                                                                                                                                                                MD5:6B07F5C49AE2AF116E4D41CE7D552451
                                                                                                                                                                                SHA1:6339519C7247F08AEA6A10190B5D61321DFA8714
                                                                                                                                                                                SHA-256:04AFE789EAB63D204337E9EDABEF1E1CD003DB69D66DC2CF0FC9E9E7A47304A6
                                                                                                                                                                                SHA-512:3FA82EE955E61913BCCD58AA72448D02DFAA2636C850746258B6D19CBF2BFCC8241F9EF66618CFC7760C0B15D77625A7C450784D7EE9C09D588A091DAB5801BC
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Antivirus:
                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                Process:C:\Users\user\Desktop\cJ6xbAA5Rn.exe
                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):61824
                                                                                                                                                                                Entropy (8bit):6.209944911666485
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:768:kSr5iGzcw1lJFWaqePkx6UZgL4dqzswE9+B1fFI15IIYiSyvFeEZQ:NxTlJFWaIx5ZbdqzOgB1fFI15II7SyNw
                                                                                                                                                                                MD5:F883652E056FF4882E1BC900D382EDAB
                                                                                                                                                                                SHA1:34F5D93EEA4DEFE48135BF7000CCE8CFA9E53EEB
                                                                                                                                                                                SHA-256:583F6D20998E45FF94400EFAEECC4E17204449A0CC7BA68A20D1E8D13617F27B
                                                                                                                                                                                SHA-512:4DF74DA9FEEA4E06149B22D08D249B7207C7B7AB0D44A8A9DDAA7810718B28EE56C0EE8429154C28525B6F9379357293B8DECE10491C32FB72D1C8C82DBDE89D
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Antivirus:
                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                Process:C:\Users\user\Desktop\cJ6xbAA5Rn.exe
                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):158080
                                                                                                                                                                                Entropy (8bit):6.836311476511275
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3072:T+sMZ4drcsAF5FRm1sznfI9mNoJapHVZKetI1e1Z70:T+sMAIt5hwYOJatKeG
                                                                                                                                                                                MD5:FD4C7582BEE16436BB3F790E1273EB22
                                                                                                                                                                                SHA1:6D6850B03C5238FFF6B53CB85F94EFF965FA8992
                                                                                                                                                                                SHA-256:8AA5CD82D775EA718D3DDD270F0B28985D8711EF937447EE2168318200F0EB80
                                                                                                                                                                                SHA-512:C508BEA6E1EED5B71B3E78D0817C6FCE27152F6BC539FEA94C7923183339C1559655B74808EF0403DBC458E037342DE97C3B01E06E7B7F56CE152267F8DB8A80
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Antivirus:
                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                Process:C:\Users\user\Desktop\cJ6xbAA5Rn.exe
                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):33152
                                                                                                                                                                                Entropy (8bit):6.324115981464357
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:768:gHI6RwgJ5xeyg2edhnJ81I1RtzjYiSyv88eEn:IIoJ5Uyg2edhJ81I1Rtzj7Syk8B
                                                                                                                                                                                MD5:3013453FDC60AD7F6A18A0B72036BA1E
                                                                                                                                                                                SHA1:35E727D44B29F4F7F352065E44B5BE3A1710BAAD
                                                                                                                                                                                SHA-256:8BFD4A0CE42D9DB9270C20A143AEF081EFE1F04E4171A4D620CB77A224139E1D
                                                                                                                                                                                SHA-512:E905D880BEBEC57C74564153AF30333E34677C5A500A58BF2219AB9A00FCA396462CE1A13B81C1E006C06BF7DBC829DD700494F285C446509E6F6DE74D81A6DF
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Antivirus:
                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                Process:C:\Users\user\Desktop\cJ6xbAA5Rn.exe
                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):48512
                                                                                                                                                                                Entropy (8bit):6.318494557838353
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:768:/y4KxKYCKl5j7gKZwX5QpZlUXF1SVcHE4f5I1stvYiSyv75eEJc:7Kxf526k1SVmBf5I1stv7SyD5Xc
                                                                                                                                                                                MD5:F6D69DAC927D18C3596F490BBB642B8E
                                                                                                                                                                                SHA1:C40DB435DB3E1AEB2C3CB03635F74A92BE54657D
                                                                                                                                                                                SHA-256:B4C2156119BEE84C5D153415D9FE802825A7179877B8943DC00C38A5C985EB7D
                                                                                                                                                                                SHA-512:30EC35604D957BA5961590A91B88F6CB209A1D09AD43C5F24195617FF9002FD6A3F359676E4844C5793348EA9BE9611D759A4FC92E8B46752E357398F8FB09E4
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Antivirus:
                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                Process:C:\Users\user\Desktop\cJ6xbAA5Rn.exe
                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):30592
                                                                                                                                                                                Entropy (8bit):6.414358413403523
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:768:9ez/DFt6r35krAIeBI17UzYiSyvIeEuhC:9eDG35krAIeBI17Uz7SyAghC
                                                                                                                                                                                MD5:1AC1D8599977B0731665BA01E946F481
                                                                                                                                                                                SHA1:A90181902ACD3262920F1E7F11D030CD086D57C7
                                                                                                                                                                                SHA-256:C6D4F9C54EFE7536BBA4F9A2A4E7DA46C5AF74771EA2FA881287C61DB9676986
                                                                                                                                                                                SHA-512:473B7FBA46339EAAD4C1680491C2D533F005FC5DDEF2104F3D3600145C0368A79757068B9B78017CF9700C7167F23B77BEB84EE522472234C32D0C5287DD80D1
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Antivirus:
                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                Process:C:\Users\user\Desktop\cJ6xbAA5Rn.exe
                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):77696
                                                                                                                                                                                Entropy (8bit):6.250117226468797
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:1536:cjYndNP4/Iujm9/s+S+psE2i8k/DDzCfiBI1QwO7Sy2/A:mYnrP4wujm9/sT+psE2fk/XGfiBI1QwM
                                                                                                                                                                                MD5:F73B9863071FB3088C08605F76B8E909
                                                                                                                                                                                SHA1:E74BC96F45E1E0C283A93DC1A07E497CF724FF55
                                                                                                                                                                                SHA-256:8EFDBACF67C223F47B608E57222CF80DD12CEE163945847F6CFA9EA6C26ADA36
                                                                                                                                                                                SHA-512:CC414ADD8E017C805D3D822B94781EF6A1C4260F959CB3C9825EABE35522AF7C9F47796E4EEA4B77D176C29030141DD92FD8119A7ED6B60248144E55B9DA1C5C
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Antivirus:
                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                Process:C:\Users\user\Desktop\cJ6xbAA5Rn.exe
                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):159104
                                                                                                                                                                                Entropy (8bit):6.001301283212139
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3072:8OoLGtbSpE3z/J/PUETu/e5J2oEPwu3rE923+nuI5Piev9mutI1t7haV:8OoitbSpE3zhH5u/oE8nuaF9mu5
                                                                                                                                                                                MD5:955B117AE363945352C6BA5A18163736
                                                                                                                                                                                SHA1:0B85D366B38120157E65F5A19551C42569B1A6F5
                                                                                                                                                                                SHA-256:09FDF00110ACFA4C3239DE64D7955A625195625745559432A13E97C9D0E01368
                                                                                                                                                                                SHA-512:02F3E1A25F92B2B86E3883BB6AE2F1BFBFFD6695BCB56E301BC157D38F205565E58B598F382220778DA0CCF3E90F7EE9FD1E44E64CB387A7A5C00DF00AAFE57B
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Antivirus:
                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                Process:C:\Users\user\Desktop\cJ6xbAA5Rn.exe
                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):23936
                                                                                                                                                                                Entropy (8bit):6.530105872812649
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:384:XfwFpEWC6TfQtI1ewIY6IYiSy1pCQxtw4i/8E9VF0NyfZ8hqg:XqpE6jQtI1ewDHYiSyvfweEL8L
                                                                                                                                                                                MD5:13BEBFE58F648AE56A149A46E917EB01
                                                                                                                                                                                SHA1:6D919ADA0DBD6FD3B927A73CA1B49C594238E314
                                                                                                                                                                                SHA-256:4545291ADFFA28E6A16EC3867CE802CFCD49C791F5EC68BDCF0E2FCACADAB258
                                                                                                                                                                                SHA-512:BC5532F163DA0ECCFEA4E28287F8BD1B225324A2068F3C47E07B8E3418266A007E9471EBC26E64615BC82EB0DB6DE226F6B3FA458AA429AC888B301B0423325B
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Antivirus:
                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                Process:C:\Users\user\Desktop\cJ6xbAA5Rn.exe
                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):48640
                                                                                                                                                                                Entropy (8bit):5.7956210103648464
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:768:yDw6MRZ0o/U0ZSEJsneAb4V8D30J1D+qBeAWhyx6CSy:Kwvqo80ns0V870J1D+qBeAWh2f
                                                                                                                                                                                MD5:4A415AB1E25452A1091D397E5CA6BA86
                                                                                                                                                                                SHA1:5006A2D9710A69A801185D180869FAF3D4182A2F
                                                                                                                                                                                SHA-256:02551037A4C2FE8DA39A6B6D010FB2AB0E6E3727D3E203E3DFAF47B8A852C9D9
                                                                                                                                                                                SHA-512:5128F08F11F2FC8C1ACD3BF68352BB16AE29C9DAC8E27271B1041B024A64C1F5E04964BB1B48EF51573132F37FE46C597EB052FBD0A82D12F58EFC65398288A6
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Antivirus:
                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                Process:C:\Users\user\Desktop\cJ6xbAA5Rn.exe
                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):242688
                                                                                                                                                                                Entropy (8bit):6.130169005563094
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3072:ng3Qd6d9pXp73cAHjRbert/jv9JtQ1G2VJ/zAk+VUqW5rRQp:gAq9pVMAt6rtvtSV97+VT0RQ
                                                                                                                                                                                MD5:178EF96CF199BBBA167958124F450FEA
                                                                                                                                                                                SHA1:AA21DEDFBA83B858EAD3D85BBFFE3E8B11EFE6F5
                                                                                                                                                                                SHA-256:ADD26DE3C00EAD9F479D7B51EA2F4ED90FB40B85E87743C1643159E8CB48B5C6
                                                                                                                                                                                SHA-512:8A9FA9711DA76605E4968111DFF26AEC46F3DCD9D6B98EA43FDD18218877D086859E6D6905EA979A8DBEC4F037677149FF2DB9F94FCE4D6F6AE910184A44EAC3
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Antivirus:
                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                Process:C:\Users\user\Desktop\cJ6xbAA5Rn.exe
                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):44544
                                                                                                                                                                                Entropy (8bit):5.805621955052662
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:384:sCmlf3AgaBJvqxcopV5isccre4CZnCTKZxsn1p9taccLgTpxcTNkXOKlnvG06Bm5:n8f3A3Bx2cy3OxGZmamPjDVuvVSDPu
                                                                                                                                                                                MD5:92DB6FDE577A5930018D307AECC371A4
                                                                                                                                                                                SHA1:E98FF77F80610AF5FF01C15333414D098DBE84F6
                                                                                                                                                                                SHA-256:D7CA456B3BDCB429A7B8AD765EF2AA59A50893C500334471E26D1395262BED40
                                                                                                                                                                                SHA-512:27C7695307099B263E88AE1FFEE94FF8856E2C1CBB240FFF4A64FF0A7EE3A126E25B427F04137A654B10AA0B7470527FC4552C2AF0BE82554FEF9B91E00A28F9
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Antivirus:
                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                Process:C:\Users\user\Desktop\cJ6xbAA5Rn.exe
                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):28160
                                                                                                                                                                                Entropy (8bit):5.552514869181295
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:384:dYvLQRlPdRW5/2cSQnUk3qU+5vcnZ65NotcSrxZx589DGuu3seW633JqLzX4Zw8V:dcQRrRg/R4BvL689DGpNJe3aXQk
                                                                                                                                                                                MD5:F7FDC1464CB5822D0568340B50B9A774
                                                                                                                                                                                SHA1:B7AEF9C35E1A7FA9AE8DCEE01B226E54F0B76837
                                                                                                                                                                                SHA-256:4F717769224FA2F5BC9A0A1442A7DF878D2A600F66437D54404B79AED488F8BB
                                                                                                                                                                                SHA-512:F73F21B967D41FD4E08FCE631B9B4A107B60450E2CEF43D2EC103AE4D93149E50774ECFC69DF6CAAEDC9DBFCCAEE7B03E985627D4EF6ECB2578DCABD535E9986
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Antivirus:
                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                Process:C:\Users\user\Desktop\cJ6xbAA5Rn.exe
                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):13736
                                                                                                                                                                                Entropy (8bit):6.830867642122176
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:WfBWfhWooeWvcuyjS7HnhWgN7a8WhlZGh+Il+jX01k9z3ARCvXD8N:W5WfhWd7HRN7sOEjR9zSSG
                                                                                                                                                                                MD5:71405F0BA5D7DA5A5F915F33667786DE
                                                                                                                                                                                SHA1:BB5CDF9C12FE500251CF98F0970A47B78C2F8B52
                                                                                                                                                                                SHA-256:0099F17128D1551A47CBD39CE702D4ACC4B49BE1BB1CFE974FE5A42DA01D88EB
                                                                                                                                                                                SHA-512:B2C6438541C4FA7AF3F8A9606F64EEEF5D77DDBC0689E7501074BB72B7CC907A8461A75089E5B70B881BC3B1BE009888FF25EA866FAAF1C49DD521027041295A
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Antivirus:
                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                Process:C:\Users\user\Desktop\cJ6xbAA5Rn.exe
                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):13224
                                                                                                                                                                                Entropy (8bit):6.838675218358012
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:WTWfhWKkeWvcuyjS7HnhWgN7a8WhaYah+Il+jX01k9z3ARiuXLL1w:WTWfhWN7HRN7ISEjR9zS/f2
                                                                                                                                                                                MD5:A17D27E01478C17B88794FD0F79782FC
                                                                                                                                                                                SHA1:2B8393E7B37FB990BE2CDC82803CA49B4CEF8546
                                                                                                                                                                                SHA-256:AC227773908836D54C8FC06C4B115F3BDFC82E4D63C7F84E1F8E6E70CD066339
                                                                                                                                                                                SHA-512:DDC6DDA49D588F22C934026F55914B31E53079E044DEC7B4F1409668DBFE8885B887CC64A411D44F83BC670AC8A8B6D3AD030D4774EF7BF522F1D3BC00E07485
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Antivirus:
                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                Process:C:\Users\user\Desktop\cJ6xbAA5Rn.exe
                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):13224
                                                                                                                                                                                Entropy (8bit):6.843944025237199
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:W/WfhWJeWvcuyjS7HnhWgN7a8WhpaWGaN4NhrJgX01k9z3An9PLLIh:W/WfhWJ7HRN7svTN4tgR9zYxi
                                                                                                                                                                                MD5:E485C1C5F33AD10EEC96E2CDBDDFF3C7
                                                                                                                                                                                SHA1:31F6BA9BECA535F2FB7FFB755B7C5C87AC8D226C
                                                                                                                                                                                SHA-256:C734022B165B3BA6F8E28670C4190A65C66EC7ECC961811A6BDCD9C7745CAC20
                                                                                                                                                                                SHA-512:599036D8FA2E916491BEDB5BB49B94458A09DDDD2908CF770E94BB0059730598EC5A9B0507E6A21209E2DCAE4D74027313DF87C9AB51FAD66B1D07903BAE0B35
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Antivirus:
                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                Process:C:\Users\user\Desktop\cJ6xbAA5Rn.exe
                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):13224
                                                                                                                                                                                Entropy (8bit):6.890661662475156
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:WgmxD3JbDWfhWqjeWvcuyjS7HnhWgN7aUWh1kG1q21eX01k9z3ABfNBnJbIx:WgAbDWfhWo7HRN74l1l8R9zmfNBlg
                                                                                                                                                                                MD5:0FFB34C0C2CDEC47E063C5E0C96B9C3F
                                                                                                                                                                                SHA1:9716643F727149B953F64B3E1EB6A9F2013EAC9C
                                                                                                                                                                                SHA-256:863A07D702717CF818A842AF0B4E1DFD6E723F712E49BF8C3AF3589434A0AE80
                                                                                                                                                                                SHA-512:4311D582856D9C3CAC2CDC6A9DA2137DF913BCF69041015FD272C2780F6AB850895DEB69279A076376A2E6401C907CB23A3052960478A6CF4B566A20CCE61BD1
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Antivirus:
                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                Process:C:\Users\user\Desktop\cJ6xbAA5Rn.exe
                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):16808
                                                                                                                                                                                Entropy (8bit):6.765025764551782
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:W/IAuVYPvVX8rFTs0WfhWueWvcuyjS7HnhWgN7a8Whiah+Il+jX01k9z3AR0Xik3:WVBPvVXuWfhWI7HRN7mEjR9zS0PP
                                                                                                                                                                                MD5:792C2B83BC4E0272785AA4F5F252FF07
                                                                                                                                                                                SHA1:6868B82DF48E2315E6235989185C8E13D039A87B
                                                                                                                                                                                SHA-256:D26D433F86223B10CCC55837C3E587FA374CD81EFC24B6959435A6770ADDBF24
                                                                                                                                                                                SHA-512:72C99CFF7FD5A762524E19ABEE5729DC8857F3EE3C8F78587625EC74F2AD96AF7DEE03ABA54B441CDA44B04721706BED70F3AD88453A341CBB51AAC9AFD9559E
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Antivirus:
                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                Process:C:\Users\user\Desktop\cJ6xbAA5Rn.exe
                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):13224
                                                                                                                                                                                Entropy (8bit):6.862975499159515
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:WKMWfhW0eWvcuyjS7HnhWgN7a8WhMcy/JdSh+Il+jX01k9z3ARvXdRfn8x:W9WfhWe7HRN7DcMyEjR9zSvn8x
                                                                                                                                                                                MD5:49E3260AE3F973608F4D4701EB97EB95
                                                                                                                                                                                SHA1:097E7D56C3514A3C7DC17A9C54A8782C6D6C0A27
                                                                                                                                                                                SHA-256:476FBAD616E20312EFC943927ADE1A830438A6BEBB1DD1F83D2370E5343EA7AF
                                                                                                                                                                                SHA-512:DF22CF16490FAA0DC809129CA32EAF1A16EC665F9C5411503CE0153270DE038E5D3BE1E0E49879A67043A688F6C42BDB5A9A6B3CEA43BF533EBA087E999BE653
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Antivirus:
                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                Process:C:\Users\user\Desktop\cJ6xbAA5Rn.exe
                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):13224
                                                                                                                                                                                Entropy (8bit):6.946959524345588
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:WrVzWfhW5eWvcuyjS7HnhWgN7a8Wh/g26WGaN4NhrJgX01k9z3An9fXPu:WrVzWfhW57HRN7qTN4tgR9zY8
                                                                                                                                                                                MD5:7F14FD0436C066A8B40E66386CEB55D0
                                                                                                                                                                                SHA1:288C020FB12A4D8C65ED22A364B5EB8F4126A958
                                                                                                                                                                                SHA-256:C78EAB8E057BDDD55F998E72D8FDF5B53D9E9C8F67C8B404258E198EB2CDCF24
                                                                                                                                                                                SHA-512:D04ADC52EE0CEED4131EB1D133BFE9A66CBC0F88900270B596116064480AFE6AE6CA42FEB0EAED54CB141987F2D7716BB2DAE947A025014D05D7AA0B0821DC50
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Antivirus:
                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                Process:C:\Users\user\Desktop\cJ6xbAA5Rn.exe
                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):13224
                                                                                                                                                                                Entropy (8bit):6.862911306065441
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:WxWfhWmeWvcuyjS7HnhWgN7aUWhR1+Eh+Il+jX01k9z3AReXz:WxWfhWg7HRN7eEQEjR9zSeD
                                                                                                                                                                                MD5:10F0C22C19D5BEE226845CD4380B4791
                                                                                                                                                                                SHA1:1E976A8256508452C59310CA5987DB3027545F3D
                                                                                                                                                                                SHA-256:154EF0BF9B9B9DAA08101E090AA9716F0FA25464C4EF5F49BC642619C7C16F0E
                                                                                                                                                                                SHA-512:3A5D3DC6448F65E1613E1A92E74F0934DD849433CECA593E7F974310CD96BF6AD6CCC3B0CB96BDB2DCC35514BC142C48CB1FD20FEE0D8FA236999AD155FC518B
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Antivirus:
                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                Process:C:\Users\user\Desktop\cJ6xbAA5Rn.exe
                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):13736
                                                                                                                                                                                Entropy (8bit):6.815548225091973
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:WUZlKWfhWieWvcuyjS7HnhWgN7a8WhwXh+Il+jX01k9z3ARxiXNk:W6lKWfhWM7HRN7J5EjR9zSw9k
                                                                                                                                                                                MD5:405038FB22CD8F725C2867C9B4345B65
                                                                                                                                                                                SHA1:385F0EB610FCE082B56A90F1B10346C37C19D485
                                                                                                                                                                                SHA-256:1C1B88D403E2CDE510741A840AFA445603F76E542391547E6E4CC48958C02076
                                                                                                                                                                                SHA-512:B52752AC5D907DC442EC7C318998FD54AD9AD659BDE4350493FE5CA95286ECEFCBBBF82D718D4BF4E813B4D20A62CD1F7BA11EE7C68C49EC39307B7746968D18
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Antivirus:
                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                Process:C:\Users\user\Desktop\cJ6xbAA5Rn.exe
                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):13224
                                                                                                                                                                                Entropy (8bit):6.877222097685592
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:WzWfhWceWvcuyjS7HnhWgN7a8Whkh+Il+jX01k9z3ARNXJXEmo:WzWfhWG7HRN7NEjR9zSN5XJo
                                                                                                                                                                                MD5:AFF9165CFF0FB1E49C64B9E1EAEFDD86
                                                                                                                                                                                SHA1:CDEF56AB5734D10A08BC373C843ABC144FE782CB
                                                                                                                                                                                SHA-256:159ECB50F14E3C247FAEC480A3E6E0CF498EC13039C988F962280187CEE1391D
                                                                                                                                                                                SHA-512:64DDF8965DEFAF5E5AE336D37BDB3868538638BAD927E2E76E06ACE51A2BCA60AEFAAB18C300BB7E705F470A937AD978EDD0338091AD6BCC45564C41071EEB40
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Antivirus:
                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                Process:C:\Users\user\Desktop\cJ6xbAA5Rn.exe
                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):14248
                                                                                                                                                                                Entropy (8bit):6.819759709049553
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:WivuBL3BBLJWfhWGeWvcuyjS7HnhWgN7a8WhfZVh+Il+jX01k9z3ARLFXWk:WivuBL3BrWfhWA7HRN7cZLEjR9zSZGk
                                                                                                                                                                                MD5:4334F1A7B180998473DC828D9A31E736
                                                                                                                                                                                SHA1:4C0C14B5C52AB5CF43A170364C4EB20AFC9B5DD4
                                                                                                                                                                                SHA-256:820E3ACD26AD7A6177E732019492B33342BC9200FC3C0AF812EBD41FB4F376CB
                                                                                                                                                                                SHA-512:7F2A12F9D41F3C55C4AFF2C75EB6F327D9434269EBFF3FBCC706D4961DA10530C069720E81B1573FAF919411F929304E4AAF2159205CF9A434B8833EEA867AA9
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Antivirus:
                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                Process:C:\Users\user\Desktop\cJ6xbAA5Rn.exe
                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):15776
                                                                                                                                                                                Entropy (8bit):6.867557538513122
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:384:WbOMw3zdp3bwjGjue9/0jCRrndbWsWfhWU7HRN7ApUad+JR9zuszu:yOMwBprwjGjue9/0jCRrndbGDVadk9zk
                                                                                                                                                                                MD5:71457FD15DE9E0B3AD83B4656CAD2870
                                                                                                                                                                                SHA1:C9C2CAF4F9E87D32A93A52508561B4595617F09F
                                                                                                                                                                                SHA-256:DB970725B36CC78EF2E756FF4B42DB7B5B771BFD9D106486322CF037115BD911
                                                                                                                                                                                SHA-512:A10FCF1D7637EFFFF0AE3E3B4291D54CC7444D985491E82B3F4E559FBB0DBB3B6231A8C689FF240A5036A7ACAE47421CDA58AAA6938374D4B84893CCE0077BC8
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Antivirus:
                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                Process:C:\Users\user\Desktop\cJ6xbAA5Rn.exe
                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):13736
                                                                                                                                                                                Entropy (8bit):6.854527300629819
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:W/qWfhW0eWvcuyjS7HnhWgN7a8Wh+Yq21eX01k9z3ABfNB/xqw:W/qWfhWe7HRN7Ql8R9zmfNB0w
                                                                                                                                                                                MD5:D39FBBEAC429109849EC7E0DC1EC6B90
                                                                                                                                                                                SHA1:2825C7ABA7F3E88F7B3D3BC651BBC4772BB44AD0
                                                                                                                                                                                SHA-256:AEEC3D48068137870E6E40BAD9C9F38377AA06C6EA1AC288E9E02AF9E8C28E6B
                                                                                                                                                                                SHA-512:B4197A4D19535E20ED2AFF4F83ACED44E56ABBB99CE64E2F257D7F9B13882CBDB16D8D864F4923499241B8F7D504D78FF93F22B95F7B02996B15BB3DA1A0EF42
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Antivirus:
                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                Process:C:\Users\user\Desktop\cJ6xbAA5Rn.exe
                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):13224
                                                                                                                                                                                Entropy (8bit):6.955574425170444
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:WUWfhWyeWvcuyjS7HnhWgN7a8WhYw0mh+Il+jX01k9z3ARj4XGAzux:WUWfhWc7HRN7GXEjR9zSk2AzA
                                                                                                                                                                                MD5:0E5CD808E9F407E75F98BBB602A8DF48
                                                                                                                                                                                SHA1:285E1295A1CF91EF2306BE5392190D8217B7A331
                                                                                                                                                                                SHA-256:1846947C10B57876239D8CB74923902454F50B347385277F5313D2A6A4E05A96
                                                                                                                                                                                SHA-512:7D8E35CABE7C3B963E6031CD73DC5AD5EDF8B227DF735888B28D8EFB5744B531F0C84130E47624E4FEA8EF700EABDE20A4E2290A1688A6ACFFB6A09CA20D7085
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Antivirus:
                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                Process:C:\Users\user\Desktop\cJ6xbAA5Rn.exe
                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):14248
                                                                                                                                                                                Entropy (8bit):6.824261156098003
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:WAWWfhWZeWvcuyjS7HnhWgN7a8Wh0Dq21eX01k9z3ABfNBd5++x:WAWWfhWZ7HRN7rDl8R9zmfNBf+k
                                                                                                                                                                                MD5:CC52CD91B1CBD20725080F1A5C215FCC
                                                                                                                                                                                SHA1:2CE6A32A5BD6FA9096352D3D73E7B19B98E0CC49
                                                                                                                                                                                SHA-256:990DC7898FD7B442D50BC88FEC624290D69F96030A1256385391B05658952508
                                                                                                                                                                                SHA-512:D262F62ADDE8A3D265650A4B56C866BDD2B660001FB2CA679D48EE389254E9FFA6CE9D69F2AAA619D22A155A5523DCE5F7CFDD7638C0E9DF1FE524B09520D5A3
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Antivirus:
                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                Process:C:\Users\user\Desktop\cJ6xbAA5Rn.exe
                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):15272
                                                                                                                                                                                Entropy (8bit):6.869458023567228
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:384:WyWXk1JzNcKSIHWfhWH7HRN7pEjR9zSgX:BbcKStkpEF9zZ
                                                                                                                                                                                MD5:2DD711EA0F97CB7C5AB98AE6F57B9439
                                                                                                                                                                                SHA1:CBA11E3EEBE7B3D007EB16362785F5D1D1251ACD
                                                                                                                                                                                SHA-256:A958FD20C06C90112E9E720047D84531B2BD0C77174660DC7E1F093A2ED3CC68
                                                                                                                                                                                SHA-512:D8D39CA07FDFED6A4E5686EAE766022941C19BFBCEB5972EDD109B453FD130B627E3E2880F8580A8A41601493D0C800E64A76E8590070AA13C1ABD550BD1A1BA
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Antivirus:
                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                Process:C:\Users\user\Desktop\cJ6xbAA5Rn.exe
                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):13736
                                                                                                                                                                                Entropy (8bit):6.883994552966322
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:WKtyDfIe9jWfhWyReWvcuyjS7HnhWgN7a8WhXO/h+Il+jX01k9z3AR/iXiz:WKtyDfIe9jWfhWyR7HRN7Y6EjR9zSqe
                                                                                                                                                                                MD5:E93816C04327730D41224E7A1BA6DC51
                                                                                                                                                                                SHA1:3F83B9FC6291146E58AFCE5B5447CD6D2F32F749
                                                                                                                                                                                SHA-256:CA06CCF12927CA52D8827B3A36B23B6389C4C6D4706345E2D70B895B79FF2EC8
                                                                                                                                                                                SHA-512:BEAAB5A12BFC4498CDF67D8B560EF0B0E2451C5F4634B6C5780A857666FD14F8A379F42E38BE1BEEFA1C3578B2DF913D901B271719AC6794BFAAB0731BB77BCA
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Antivirus:
                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                Process:C:\Users\user\Desktop\cJ6xbAA5Rn.exe
                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):12712
                                                                                                                                                                                Entropy (8bit):6.988937791517322
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Antivirus:
                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                Process:C:\Users\user\Desktop\cJ6xbAA5Rn.exe
                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):13736
                                                                                                                                                                                Entropy (8bit):6.826511666056111
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Antivirus:
                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                Process:C:\Users\user\Desktop\cJ6xbAA5Rn.exe
                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):13224
                                                                                                                                                                                Entropy (8bit):6.908697555398443
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Antivirus:
                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                Process:C:\Users\user\Desktop\cJ6xbAA5Rn.exe
                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):15272
                                                                                                                                                                                Entropy (8bit):6.791010772317001
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Antivirus:
                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                Process:C:\Users\user\Desktop\cJ6xbAA5Rn.exe
                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):13736
                                                                                                                                                                                Entropy (8bit):6.926691835908429
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Antivirus:
                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                Process:C:\Users\user\Desktop\cJ6xbAA5Rn.exe
                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):14248
                                                                                                                                                                                Entropy (8bit):6.829698799977648
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Antivirus:
                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                Process:C:\Users\user\Desktop\cJ6xbAA5Rn.exe
                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):13736
                                                                                                                                                                                Entropy (8bit):6.908054226003342
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Antivirus:
                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                Process:C:\Users\user\Desktop\cJ6xbAA5Rn.exe
                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):13224
                                                                                                                                                                                Entropy (8bit):6.845813488265057
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Antivirus:
                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                Process:C:\Users\user\Desktop\cJ6xbAA5Rn.exe
                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):14240
                                                                                                                                                                                Entropy (8bit):6.852755058390383
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:384:Woc5WfhWW7HRN7yI4hBnRmuTcR9z/BIWd:7hxyH7RmuU9zld
                                                                                                                                                                                MD5:19876C0A273C626F0E7BD28988EA290E
                                                                                                                                                                                SHA1:8E7DD4807FE30786DD38DBB0DACA63256178B77C
                                                                                                                                                                                SHA-256:07FDA71F93C21A43D836D87FEE199AC2572801993F00D6628DBA9B52FCB25535
                                                                                                                                                                                SHA-512:CDD405F40AC1C0C27E281C4932FBBD6CC84471029D7F179ECF2E797B32BF208B3CD0CA6F702BB26F070F8CDD06B773C7BEB84862E4C01794938932146E74F1CA
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Antivirus:
                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                Process:C:\Users\user\Desktop\cJ6xbAA5Rn.exe
                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):17312
                                                                                                                                                                                Entropy (8bit):6.653286066355999
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:WjJpdkKBcyxWfhWueWvcuyjS7HnhWgN7aoWhl9MMBdRgjLX01k9z3Azsu70S3:WnuyxWfhWI7HRN7GleLR9zusu7H
                                                                                                                                                                                MD5:D66741472C891692054E0BAC6DDE100B
                                                                                                                                                                                SHA1:4D7927E5BEA5CAC77A26DC36B09D22711D532C61
                                                                                                                                                                                SHA-256:252B14D09B0EA162166C50E41AEA9C6F6AD8038B36701981E48EDFF615D3ED4B
                                                                                                                                                                                SHA-512:C5AF302F237C436AC8FE42E0E017D9ED039B4C6A25C3772059F0A6929CBA3633D690D1F84AB0460BEB24A0704E2E1FE022E0E113780C6F92E3D38D1AFA8CEE95
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Antivirus:
                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                Process:C:\Users\user\Desktop\cJ6xbAA5Rn.exe
                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):13736
                                                                                                                                                                                Entropy (8bit):6.828467063666851
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:W3WfhWTeWvcuyjS7HnhWgN7a8WhkJh+Il+jX01k9z3ARdXd3:W3WfhWr7HRN7PPEjR9zSdJ
                                                                                                                                                                                MD5:0EEB09C06C6926279484C3F0FBEF85E7
                                                                                                                                                                                SHA1:D074721738A1E9BB21B9A706A6097EC152E36A98
                                                                                                                                                                                SHA-256:10EB78864EBFF85EFC91CC91804F03FCD1B44D3A149877A9FA66261286348882
                                                                                                                                                                                SHA-512:3CEB44C0CA86928D2FDD75BF6442FEBAFACA4DE79108561E233030635F428539C44FAAE5BCF12FF6AA756C413AB7558CCC37EEF8008C8AA5B37062D91F9D3613
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Antivirus:
                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                Process:C:\Users\user\Desktop\cJ6xbAA5Rn.exe
                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):15272
                                                                                                                                                                                Entropy (8bit):6.852618546365563
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:WB7q6nWlC0i5CpWfhW9eWvcuyjS7HnhWgN7aUWhyaWGaN4NhrJgX01k9z3An9U3g:W9q6nWm5CpWfhWt7HRN7jTN4tgR9zYkE
                                                                                                                                                                                MD5:A5DCE38BC9A149ABE5D2F61DB8D6CEC0
                                                                                                                                                                                SHA1:05B6620F7D59D727299DE77ABE517210ADEA7FE0
                                                                                                                                                                                SHA-256:A5B66647EE6794B7EE79F7A2A4A69DEC304DAEA45A11F09100A1AB092495B14B
                                                                                                                                                                                SHA-512:252F7F841907C30FF34AA63C6F996514EB962FC6E1908645DA8BBDE137699FE056740520FEE6AD9728D1310261E6E3A212E1B69A7334832CE95DA599D7742450
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Antivirus:
                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                Process:C:\Users\user\Desktop\cJ6xbAA5Rn.exe
                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):14248
                                                                                                                                                                                Entropy (8bit):6.799945740819369
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:WHY3vY17aFBR0WfhWmeWvcuyjS7HnhWgN7a8Wht+h+Il+jX01k9z3ARzXNZ8l:WHY3eRWfhWg7HRN75EjR9zSz9K
                                                                                                                                                                                MD5:841CB7C4BA59F43B5B659DD3DFE02CD2
                                                                                                                                                                                SHA1:5F81D14C98A7372191ECEB65427F0C6E9F4ED5FA
                                                                                                                                                                                SHA-256:2EAFCE6FF69A237B17AE004F1C14241C3144BE9EAEB4302FDC10DD1CB07B7673
                                                                                                                                                                                SHA-512:F446ACB304960BA0D262D8519E1DA6FE9263CC5A9DA9AC9B92B0AC2CE8B3B90A4FD9D1FDFE7918B6A97AFE62586A36ABD8E8E18076D3AD4AD77763E901065914
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Antivirus:
                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                Process:C:\Users\user\Desktop\cJ6xbAA5Rn.exe
                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):13736
                                                                                                                                                                                Entropy (8bit):6.911130988876802
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:W/WfhWVeWvcuyjS7HnhWgN7a8WhrWGaN4NhrJgX01k9z3An9T28++:W/WfhWl7HRN7HTN4tgR9zYI8++
                                                                                                                                                                                MD5:A404E8ECEE800E8BEDA84E8733A40170
                                                                                                                                                                                SHA1:97A583E8B4BBCDAA98BAE17DB43B96123C4F7A6A
                                                                                                                                                                                SHA-256:80C291E9FCEE694F03D105BA903799C79A546F2B5389ECD6349539C323C883AA
                                                                                                                                                                                SHA-512:66B99F5F2DCB698137ECBC5E76E5CF9FE39B786EA760926836598CABBFA6D7A27E2876EC3BF424A8CBB37E475834AF55EF83ABB2ED3C9D72C6A774C207CFF0E0
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Antivirus:
                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                Process:C:\Users\user\Desktop\cJ6xbAA5Rn.exe
                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):22440
                                                                                                                                                                                Entropy (8bit):6.399039136519993
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:384:WjQUbM4Oe59Ckb1hgmLVWfhWg7HRN7lQiTN4tgR9zYk:mRMq59Bb1jyLlHTNx9zh
                                                                                                                                                                                MD5:CCF0A6129A16068A7C9AA3B0B7EEB425
                                                                                                                                                                                SHA1:EA2461AB0B86C81520002AB6C3B5BF44205E070C
                                                                                                                                                                                SHA-256:80C09EB650CF3A913C093E46C7B382E2D7486FE43372C4BC00C991D2C8F07A05
                                                                                                                                                                                SHA-512:D4F2285C248ACE34EA9192E23B3E82766346856501508A7A7FC3E6D07EE05B1E57AD033B060FE0CC24EE8DC61F97757B001F5261DA8E063AB21EE80E323A306E
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Antivirus:
                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                Process:C:\Users\user\Desktop\cJ6xbAA5Rn.exe
                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):14248
                                                                                                                                                                                Entropy (8bit):6.818799641918408
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:WYRQqjd7xWfhWvNeWvcuyjS7HnhWgN7a8Wh/XBq21eX01k9z3ABfNBoOdb5e:WYKAWfhWF7HRN74Bl8R9zmfNBNdbo
                                                                                                                                                                                MD5:E62A28C67A222B5AF736B6C3D68B7C82
                                                                                                                                                                                SHA1:2214B0229F5FFC17E65DB03B085B085F4AF9D830
                                                                                                                                                                                SHA-256:BD475E0C63AE3F59EA747632AB3D3A17DD66F957379FA1D67FA279718E9CD0F4
                                                                                                                                                                                SHA-512:2F3590D061492650EE55A7CE8E9F1D836B7BB6976AE31D674B5ACF66C30A86A5C92619D28165A4A6C9C3D158BB57D764EE292440A3643B4E23CFFCDB16DE5097
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Antivirus:
                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                Process:C:\Users\user\Desktop\cJ6xbAA5Rn.exe
                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):17832
                                                                                                                                                                                Entropy (8bit):6.6533593146787045
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:WbPtIPrpJhhf4AN5/KilWfhWneWvcuyjS7HnhWgN7a8WhRh+Il+jX01k9z3ARRXu:WbPtYr7LWfhWP7HRN7WEjR9zSR7bO
                                                                                                                                                                                MD5:83433288A21FF0417C5BA56C2B410CE8
                                                                                                                                                                                SHA1:B94A4AB62449BCA8507D70D7FB5CBC5F5DFBF02C
                                                                                                                                                                                SHA-256:301C5418D2AEE12B6B7C53DD9332926CE204A8351B69A84F8E7B8A1344FA7EA1
                                                                                                                                                                                SHA-512:F20DE6248D391F537DCC06E80174734CDD1A47DC67E47F903284D48FB7D8082AF4EED06436365FCE3079AAC5B4E07BBD9C1A1A5EB635C8FE082A59F566980310
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Antivirus:
                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                Process:C:\Users\user\Desktop\cJ6xbAA5Rn.exe
                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):19368
                                                                                                                                                                                Entropy (8bit):6.59035476139595
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:W5fgnLpHquWYFxEpahXWfhWlYeWvcuyjS7HnhWgN7a8WhZOh+Il+jX01k9z3ARXF:WEZpFVhXWfhWli7HRN7FEjR9zSXUg
                                                                                                                                                                                MD5:844E18709C2DEDA41F2228068A8D2CED
                                                                                                                                                                                SHA1:871BF94A33FA6BB36FA1332F8EC98D8D3E6FE3B6
                                                                                                                                                                                SHA-256:799E9174163F5878BEA68CA9A6D05C0EDF375518E7CC6CC69300C2335F3B5EA2
                                                                                                                                                                                SHA-512:3BBB82D79F54D85DCBE6EE85A9909C999B760A09E8925D704A13BA18C0A610A97054AC8BD4C66C1D52AB08A474EDA78542D5D79AE036F2C8E1F1E584F5122945
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Antivirus:
                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                Process:C:\Users\user\Desktop\cJ6xbAA5Rn.exe
                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):19368
                                                                                                                                                                                Entropy (8bit):6.582111769188288
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:384:W5iFMx0C5yguNvZ5VQgx3SbwA7yMVIkFGlTWfhWJ7HRN7yl8R9zmfNBqFn284:y6S5yguNvZ5VQgx3SbwA71IkFDSylQ9e
                                                                                                                                                                                MD5:5A82C7858065335CAD14FB06F0465C7E
                                                                                                                                                                                SHA1:C5804404D016F64F3F959973EAEFB7820EDC97AD
                                                                                                                                                                                SHA-256:3BF407F8386989AA5F8C82525C400B249E6F8D946A32F28C469C996569D5B2E3
                                                                                                                                                                                SHA-512:88A06E823F90EF32D62794DAFE6C3E92755F1F1275C8192A50E982013A56CF58A3BA39E2D80B0DD5B56986F2A7D4C5B047A75F8D8F4B5B241CDF2D00BEEBD0D5
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Antivirus:
                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                Process:C:\Users\user\Desktop\cJ6xbAA5Rn.exe
                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):15784
                                                                                                                                                                                Entropy (8bit):6.75722036011819
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:WAJD2WfhWfeWvcuyjS7HnhWgN7a8WhSfdh+Il+jX01k9z3ARaXMgecI:WAcWfhWn7HRN7XfTEjR9zSacgbI
                                                                                                                                                                                MD5:B64B9E13C90F84D0B522CD0645C2100C
                                                                                                                                                                                SHA1:39822CB8F0914A282773E4218877168909FDC18D
                                                                                                                                                                                SHA-256:2F6B0F89F4D680A9A9994D08AA5CD514794BE584A379487906071756AC644BD6
                                                                                                                                                                                SHA-512:9CB03D1120DE577BDB9ED720C4EC8A0B89DB85969B74FBD900DCDC00CF85A78D9469290A5A5D39BE3691CB99D49CF6B84569AC7669A798B1E9B6C71047B350DE
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Antivirus:
                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                Process:C:\Users\user\Desktop\cJ6xbAA5Rn.exe
                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):13736
                                                                                                                                                                                Entropy (8bit):6.900466904881445
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:W1fHQdujWfhWmeWvcuyjS7HnhWgN7a8WhLq21eX01k9z3ABfNB13gE:W1f9WfhWg7HRN7Ql8R9zmfNB3
                                                                                                                                                                                MD5:26F020C0E210BCE7C7428AC049A3C5DA
                                                                                                                                                                                SHA1:7BF44874B3BA7B5BA4B20BB81D3908E4CDE2819C
                                                                                                                                                                                SHA-256:DFAD88B5D54C597D81250B8569F6D381F7016F935742AC2138BA2A9AE514C601
                                                                                                                                                                                SHA-512:7DA07143CAB0A26B974FA90E3692D073B2E46E39875B2DD360648382D0BFCA986338697600C4BC9FE54FC3826DAA8FC8F2FEC987DE75480354C83ABA612AFA5F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Antivirus:
                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                Process:C:\Users\user\Desktop\cJ6xbAA5Rn.exe
                                                                                                                                                                                File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1066267
                                                                                                                                                                                Entropy (8bit):5.671550644105321
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12288:EEHYKmIpWyxC6Sacpn8A4a2YZVdOVwx/fpE94rafuR6O98SLMNOg:EEHYoVxVLa2yyVwx/fpE94+uR/9HMNOg
                                                                                                                                                                                MD5:0D3DA25523FD61375FA20884E99B9C29
                                                                                                                                                                                SHA1:5F4937E21B64FBB1A44304CC7206C48F488D435A
                                                                                                                                                                                SHA-256:C82FB39B5A4124D36AC4CCF95205298F5A7BCAF1784DE5FC362E44D2C5AAFA5F
                                                                                                                                                                                SHA-512:34D1146E4E354B415F949A74F6AD51650203E707DA79B3F98CADA6952E24FF1BD94ABFF1139CA66F4C5B1CC6C37DCB02A7F2EA6FF0FAB07878AEFC38F96381B8
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\Desktop\cJ6xbAA5Rn.exe
                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):52224
                                                                                                                                                                                Entropy (8bit):5.727427728747166
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:1536:wlx6e2vWccz2KH9mgW1FKPdU9S46DcL405:o6eMKH9mR8PdJcL405
                                                                                                                                                                                MD5:9AFF0F7DC372EEF5030001DA9B79E99E
                                                                                                                                                                                SHA1:255B40813C687C13B6311A9DADB476F35125F81D
                                                                                                                                                                                SHA-256:574374AEE67D7865354DD63A2A4C2F8A3B47DB3867D440B92093FDB0318B10CD
                                                                                                                                                                                SHA-512:A7BFF40E396B914EC5C26DE13E167BB30CEE93D2456306DB77E0716A73B56808B70FB82EC75BADEED52692FF69133F3AF0BAE75775A414B67DAF128A6F76DB01
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Antivirus:
                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                Process:C:\Users\user\Desktop\cJ6xbAA5Rn.exe
                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):3441504
                                                                                                                                                                                Entropy (8bit):6.097985120800337
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:49152:8TKuk2CQIU6iV9OjPWgBqIVRIaEv5LY/RnQ2ETEvrPnkbsYNPsNwsML1CPwDv3u6:Vv+KRi5KsEKsY+NwsG1CPwDv3uFfJu
                                                                                                                                                                                MD5:6F4B8EB45A965372156086201207C81F
                                                                                                                                                                                SHA1:8278F9539463F0A45009287F0516098CB7A15406
                                                                                                                                                                                SHA-256:976CE72EFD0A8AEEB6E21AD441AA9138434314EA07F777432205947CDB149541
                                                                                                                                                                                SHA-512:2C5C54842ABA9C82FB9E7594AE9E264AC3CBDC2CC1CD22263E9D77479B93636799D0F28235AC79937070E40B04A097C3EA3B7E0CD4376A95ED8CA90245B7891F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Antivirus:
                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                Process:C:\Users\user\Desktop\cJ6xbAA5Rn.exe
                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):32792
                                                                                                                                                                                Entropy (8bit):6.3566777719925565
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:384:2nypDwZH1XYEMXvdQOsNFYzsQDELCvURDa7qscTHstU0NsICwHLZxXYIoBneEAR8:2l0Vn5Q28J8qsqMttktDxOpWDG4yKRF
                                                                                                                                                                                MD5:EEF7981412BE8EA459064D3090F4B3AA
                                                                                                                                                                                SHA1:C60DA4830CE27AFC234B3C3014C583F7F0A5A925
                                                                                                                                                                                SHA-256:F60DD9F2FCBD495674DFC1555EFFB710EB081FC7D4CAE5FA58C438AB50405081
                                                                                                                                                                                SHA-512:DC9FF4202F74A13CA9949A123DFF4C0223DA969F49E9348FEAF93DA4470F7BE82CFA1D392566EAAA836D77DDE7193FED15A8395509F72A0E9F97C66C0A096016
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Antivirus:
                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                Process:C:\Users\user\Desktop\cJ6xbAA5Rn.exe
                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):702816
                                                                                                                                                                                Entropy (8bit):5.547832370836076
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12288:UUnBMlBGdU/t0voUYHgqRJd7a7+JLvrfX7bOI8Fp0D6WuHU2lvzR:UN/t0vMnffOI8Fp0D6TU2lvzR
                                                                                                                                                                                MD5:8769ADAFCA3A6FC6EF26F01FD31AFA84
                                                                                                                                                                                SHA1:38BAEF74BDD2E941CCD321F91BFD49DACC6A3CB6
                                                                                                                                                                                SHA-256:2AEBB73530D21A2273692A5A3D57235B770DAF1C35F60C74E01754A5DAC05071
                                                                                                                                                                                SHA-512:FAC22F1A2FFBFB4789BDEED476C8DAF42547D40EFE3E11B41FADBC4445BB7CA77675A31B5337DF55FDEB4D2739E0FB2CBCAC2FEABFD4CD48201F8AE50A9BD90B
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\Desktop\cJ6xbAA5Rn.exe
                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):46592
                                                                                                                                                                                Entropy (8bit):5.292514598650682
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:384:mG/0GLzEMiVbFNp9HFe7Jp8aBX0pxXqLV3FS7K8tWUB/Xob0U47QgYsjtRRY3HQ6:mG8wAEJpzBNVoheslj/aF2gkWFlH9
                                                                                                                                                                                MD5:1B59C87F0871FED4FF2BE93C5D9234AB
                                                                                                                                                                                SHA1:7E5C8827A5B2DEC5417800AB0A2001AF46AB8924
                                                                                                                                                                                SHA-256:B7151A6FFA3DC7436D09B1E35343801E11F423C6B391F1177254236EC47A3AD7
                                                                                                                                                                                SHA-512:6092628A4C73CA2D29B6F6A0D1ED34627795363C89B2A45BFC75951F8148A288707231575183EF73D4FB24C022883AB3AB30DA61C92664295FFFD8A36E9200DF
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\Desktop\cJ6xbAA5Rn.exe
                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):143360
                                                                                                                                                                                Entropy (8bit):6.075290405205589
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3072:xYjAONgTgGNWARNEBXRzHJ0Xg9sGkD7EKN7Jv1FL/49olpS0mZPfc:ylTmsCD7Z7Jv19/49olY0m1fc
                                                                                                                                                                                MD5:CD1A160800A09F76BA104825ABF0824C
                                                                                                                                                                                SHA1:E0A949C8985806414D9778473B1A60468F053147
                                                                                                                                                                                SHA-256:8F318176C3B009D3DFACA33F8AADD454371869E68BB63CAA9098B4C0AAE95204
                                                                                                                                                                                SHA-512:C2E19C4D508E7CAAB5950F13FD97DE788C806F45E86424624AD438A2927C85E3D6DD71D76DB56B6556B288AB6981431B8F5D4DD9BF22E8BD920BE268FC4D718C
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\Desktop\cJ6xbAA5Rn.exe
                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):198528
                                                                                                                                                                                Entropy (8bit):6.360796092429738
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3072:rEDP+RzZaOF540O4g8u4OrHNZrhYaPB4cXwlU6d129HGuAyDw1ODUpzIB/Z3ckUT:WAt740OEOrHNZ55UE9t6m3ckUjf
                                                                                                                                                                                MD5:3A283295D506A8C86AB643CE2C743223
                                                                                                                                                                                SHA1:E45DE5DEA739CC089DA1D9449D8F8A9BFD0AADDE
                                                                                                                                                                                SHA-256:1F8C0A490E6D0B9C16A58ABB01398B4642FBA73797B714DF5A5418051248422B
                                                                                                                                                                                SHA-512:C56B853CD856B7D7A5DA5444F41AEDFC5A9FEF9865194006A0073F90F162D50B22EEB953D1F8AA2A5395188636451016F9332126FC9D2399800DA4AB7D80C6FC
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\Desktop\cJ6xbAA5Rn.exe
                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):64896
                                                                                                                                                                                Entropy (8bit):6.102852256109953
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:768:1Kk8LeBLeeFtp5V1BfO2yvSk70QZF1nEyjnskQkr/RFB1qucwdBeCw0myou6ZwJh:skwewnvtjnsfwcBI1Q0v7SyUi
                                                                                                                                                                                MD5:4D9AACD447860F04A8F29472860A8362
                                                                                                                                                                                SHA1:B0E8F5640C7B01C5EB3671D725C450BAD9D4CA62
                                                                                                                                                                                SHA-256:82FC45243160DE816B82C1C0412437BD677F0D1E53088416555A6E9E889734E9
                                                                                                                                                                                SHA-512:98726CB9A1D1CA0E60B7433090BBDD55411893551280883A120CA733E49D07BE4012EE6ED43148A33D16635D726CD4A1214F4371B059D31CCD685AA2AF7DB2DD
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\Desktop\cJ6xbAA5Rn.exe
                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4494208
                                                                                                                                                                                Entropy (8bit):6.463047906568919
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:49152:/s2RTSieYuF0LVvfj1oeMvKDA6sKoDfU18BHPbRKQ4bLy7XmnDE5+fWqfJJ6JiTi:92FKIqZsKCfTIw26prGbrHSMfwSrzxYB
                                                                                                                                                                                MD5:342BA224FE440B585DB4E9D2FC9F86CD
                                                                                                                                                                                SHA1:BFA3D380231166F7C2603CA89A984A5CAD9752AB
                                                                                                                                                                                SHA-256:CDB8158DCF4F10517BD73E1334FC354FD98180D4455F29E3DF2B0AA699FA2432
                                                                                                                                                                                SHA-512:DAA990FF3770A39B778F672F2596AB4050BFF9B16BB2222E5712327DF82D18F39AC5100E3B592A5DB9E88302E6E94C06881FBF61431E7670FF287F7F222254C1
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\Desktop\cJ6xbAA5Rn.exe
                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):29056
                                                                                                                                                                                Entropy (8bit):6.475687296564378
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:768:meS+FwhCBHq5mIBI17GIYiSyvL51JeES5U3:meS+ah+K5mIBI17GI7SyjjJ8G3
                                                                                                                                                                                MD5:FCACFA9C2694118CCC3CD6956949CE15
                                                                                                                                                                                SHA1:E01AA8957F39133A4C77BBB03D1C3AF5A5D9649B
                                                                                                                                                                                SHA-256:2BFA63B823C54D6B3C55DC17E446129FC02CA930D247ABADBC7680F0F71D03A6
                                                                                                                                                                                SHA-512:57CA335B941059D5FE65E2CECF95BD59C02515D1F15DA212CC845C77F673CC749EE77EB4381787A4B357CEC8A722C37C991789D6EE872D5130B32D78C10468D3
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\Desktop\cJ6xbAA5Rn.exe
                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1018792
                                                                                                                                                                                Entropy (8bit):6.641182647518247
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24576:hLyubutYBWSlhrANUDk8ExrmxvSZX0ypFiR+c:VyubJvlhrVETiR+c
                                                                                                                                                                                MD5:8E7680A8D07C3C4159241D31CAAF369C
                                                                                                                                                                                SHA1:62FE2D4AE788EE3D19E041D81696555A6262F575
                                                                                                                                                                                SHA-256:36CC22D92A60E57DEE394F56A9D1ED1655EE9DB89D2244A959005116A4184D80
                                                                                                                                                                                SHA-512:9509F5B07588A08A490F4C3CB859BBFE670052C1C83F92B9C3356AFA664CB500364E09F9DAFAC7D387332CC52D9BB7BB84CEB1493F72D4D17EF08B9EE3CB4174
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\Desktop\cJ6xbAA5Rn.exe
                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1121152
                                                                                                                                                                                Entropy (8bit):5.384584093905756
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:12288:ucYYMmuZ63NeQCb5Pfhnzr0ql8L8koM7IRG5eeme6VZyrIBHdQLhfFE+uztg:bYYuBZV0m8wMMREtV6Vo4uYztg
                                                                                                                                                                                MD5:1218DB005C9C809AB151E3FC15F4C41E
                                                                                                                                                                                SHA1:E53CD5C9A4E39ED30E871AEA0AEF67294CBF4130
                                                                                                                                                                                SHA-256:A84F488F2AE2A74268DA36BD8C3FE7B6E8D2B9B89A3C99F5173A827A8DDCA2F4
                                                                                                                                                                                SHA-512:28C9C031B881B6C585E5FDDA006F8C7C257C55AD15651DDA6412E26F52D0E6ACFAA58547DA7E04B5A52C0F9962E94E5D7E48679733E0495B335CB6A37851758F
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\Desktop\cJ6xbAA5Rn.exe
                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):4
                                                                                                                                                                                Entropy (8bit):1.5
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:Mn:M
                                                                                                                                                                                MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:pip.
                                                                                                                                                                                Process:C:\Users\user\Desktop\cJ6xbAA5Rn.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1538
                                                                                                                                                                                Entropy (8bit):5.080339551671485
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:5OYJPJz3iPwB432sVoH32s39t313tuzTHy:sYJPJz3Nu3I3zVgzTS
                                                                                                                                                                                MD5:E44C4765CCF7B55945354FBDC20F4DB9
                                                                                                                                                                                SHA1:76CE5FD4DC590E076B8675BD68DD4562CAD1B6D5
                                                                                                                                                                                SHA-256:0F44514998ACA209D3482D10204A8ADF2AA4296FF157A36A5C0922F2280632D3
                                                                                                                                                                                SHA-512:25F703DA29D614802262B597CC4F3993E895CB164532E27892DB8A12BD8CBAEFB0512B7D14F8992F9C45526693DF4AA3E4CA6362D1116C7FE7BE3C781168A82E
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:Copyright (c) Aymeric Augustin and contributors....Redistribution and use in source and binary forms, with or without..modification, are permitted provided that the following conditions are met:.... * Redistributions of source code must retain the above copyright notice,.. this list of conditions and the following disclaimer... * Redistributions in binary form must reproduce the above copyright notice,.. this list of conditions and the following disclaimer in the documentation.. and/or other materials provided with the distribution... * Neither the name of the copyright holder nor the names of its contributors.. may be used to endorse or promote products derived from this software.. without specific prior written permission.....THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND..ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED..WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE A
                                                                                                                                                                                Process:C:\Users\user\Desktop\cJ6xbAA5Rn.exe
                                                                                                                                                                                File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):6786
                                                                                                                                                                                Entropy (8bit):5.045862599148473
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:96:DH3Yc6XUQIvvlGoX0E99d6/uvLyOb0BXwHCGBYkVEvjWay7r4XHBT1EA3LIdVsaP:scEjTE9Tvy3X+jEvir4RT1pMV
                                                                                                                                                                                MD5:60E7F4A5A3B905641328BB331CE98D01
                                                                                                                                                                                SHA1:7D256CEFD089313FD71DAE605D4F286D1C1A058E
                                                                                                                                                                                SHA-256:915C24B71F32610236A24DCC13E806AF5633D70A5E03FAFCE5916F0B263B7CF8
                                                                                                                                                                                SHA-512:C4A8F98C73C5F9807B43CD3157F1A693F820192A477E842A7A6BADB30CA6D5628D9F1026C1CC7C74D4AEFD490707737F240D9F3393FE3936D29518028353A632
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:Metadata-Version: 2.1..Name: websockets..Version: 12.0..Summary: An implementation of the WebSocket Protocol (RFC 6455 & 7692)..Author-email: Aymeric Augustin <aymeric.augustin@m4x.org>..License: BSD-3-Clause..Project-URL: Homepage, https://github.com/python-websockets/websockets..Project-URL: Changelog, https://websockets.readthedocs.io/en/stable/project/changelog.html..Project-URL: Documentation, https://websockets.readthedocs.io/..Project-URL: Funding, https://tidelift.com/subscription/pkg/pypi-websockets?utm_source=pypi-websockets&utm_medium=referral&utm_campaign=readme..Project-URL: Tracker, https://github.com/python-websockets/websockets/issues..Keywords: WebSocket..Classifier: Development Status :: 5 - Production/Stable..Classifier: Environment :: Web Environment..Classifier: Intended Audience :: Developers..Classifier: License :: OSI Approved :: BSD License..Classifier: Operating System :: OS Independent..Classifier: Programming Language :: Python..Classifier: Programming Langu
                                                                                                                                                                                Process:C:\Users\user\Desktop\cJ6xbAA5Rn.exe
                                                                                                                                                                                File Type:CSV text
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):6038
                                                                                                                                                                                Entropy (8bit):5.65995138902628
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:96:gXHAvlozlFKCwQXkDTJSRJY5RIvudXJmskjxQUuzQYe97eHEeIvqSxNxdIJ1AB1A:gXHClq/G1VES/CVxcYl3J+
                                                                                                                                                                                MD5:AFFC1398DB52D3C4A59ECF10C3F5452C
                                                                                                                                                                                SHA1:27C45B086938A619CE9990A6D46762B1BB0248FA
                                                                                                                                                                                SHA-256:869BE72D514B25C294C3AB8216F3679A4041259CD85650F0739B1710F2F55828
                                                                                                                                                                                SHA-512:F8DFCDDD43EE1B925C77C2AF2B4774485EBB4896B428572ECBE5117683FF1305336B5946F9DC06456FB0BE0F50CF628E5973F933D37ECB9CE43D936A47BACFC2
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:websockets-12.0.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..websockets-12.0.dist-info/LICENSE,sha256=D0RRSZisognTSC0QIEqK3yqkKW_xV6NqXAki8igGMtM,1538..websockets-12.0.dist-info/METADATA,sha256=kVwktx8yYQI2ok3ME-gGr1Yz1wpeA_r85ZFvCyY7fPg,6786..websockets-12.0.dist-info/RECORD,,..websockets-12.0.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..websockets-12.0.dist-info/WHEEL,sha256=yrvteVAZzxQvtDnzdCRh4dP01sPIxYhLXIXplC7o50E,102..websockets-12.0.dist-info/top_level.txt,sha256=CMpdKklxKsvZgCgyltxUWOHibZXZ1uYIVpca9xsQ8Hk,11..websockets/__init__.py,sha256=rvb0DEVwY-aXwf3GNmqrTmwku4vcKGgbkhn3tKv1OWE,5848..websockets/__main__.py,sha256=BMtbQ-dwHfmXmz2STx4nAcdliEKuj2wQXyxe23Vp1S0,4903..websockets/__pycache__/__init__.cpython-310.pyc,,..websockets/__pycache__/__main__.cpython-310.pyc,,..websockets/__pycache__/auth.cpython-310.pyc,,..websockets/__pycache__/client.cpython-310.pyc,,..websockets/__pycache__/connection.cpython-310.pyc,,..websock
                                                                                                                                                                                Process:C:\Users\user\Desktop\cJ6xbAA5Rn.exe
                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):102
                                                                                                                                                                                Entropy (8bit):5.029063489591284
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:RtEeX7MWcSlVlF5jP+tkKcwVTiSMLQLn:RtBMwlVNWKGFiSMLQLn
                                                                                                                                                                                MD5:8C2E21CC1C783F0308A0CECCBA453D28
                                                                                                                                                                                SHA1:602F6E8B6400CE24F69EAD308E1BB1B5088282E2
                                                                                                                                                                                SHA-256:CABBED795019CF142FB439F3742461E1D3F4D6C3C8C5884B5C85E9942EE8E741
                                                                                                                                                                                SHA-512:2D0FF78E6871826BC22A9A5DBEB1FC1C2F426A58189AB924070D7FB8369BF6BEFCDA558D8A1E4247FE3073CA82DDA69610C23E83F22EE964B941E79068C64422
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:Wheel-Version: 1.0.Generator: bdist_wheel (0.41.2).Root-Is-Purelib: false.Tag: cp310-cp310-win_amd64..
                                                                                                                                                                                Process:C:\Users\user\Desktop\cJ6xbAA5Rn.exe
                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                Category:modified
                                                                                                                                                                                Size (bytes):11
                                                                                                                                                                                Entropy (8bit):3.095795255000934
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3:z0o:wo
                                                                                                                                                                                MD5:F36B810914D17B7D95A034DB8477FECE
                                                                                                                                                                                SHA1:CBA244B958EB322841299D405651F48952E16E4A
                                                                                                                                                                                SHA-256:08CA5D2A49712ACBD980283296DC5458E1E26D95D9D6E60856971AF71B10F079
                                                                                                                                                                                SHA-512:D0B34F24053A8C88B6352DD6B31445D044ECE2AC10AA10A6FC6EFB02C8411832DB774FBE00CCEDB2B93144DE604251B2E331D5E1DADD34416B82D379741EF772
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Preview:websockets.
                                                                                                                                                                                Process:C:\Users\user\Desktop\cJ6xbAA5Rn.exe
                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):11776
                                                                                                                                                                                Entropy (8bit):4.918913329321344
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:8DYYy40RHkIAMxSHLRquVBDzcquQdBOacqgfu:8DY13mLRqurncquQdBPg
                                                                                                                                                                                MD5:398F616AE7421BC538F07AACA8DBE08B
                                                                                                                                                                                SHA1:C7D927714DAF0A3CD7ADABEBD64B1D7438836F1C
                                                                                                                                                                                SHA-256:2B105DFEB3CC89E9F3DA062CEB3C0B201927EE4A2DB2F6B555079E4F8534DB72
                                                                                                                                                                                SHA-512:9B86B4280EB35112970B0A8ABE27D9046A05D1D28AC155105F8D862E6B94CA9F30FF8B45AB7B1A4F477B889EE3F2B0C5A82D3953EFCEDB9445CF0ECC5018E64A
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Process:C:\Users\user\Desktop\cJ6xbAA5Rn.exe
                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):67584
                                                                                                                                                                                Entropy (8bit):5.883132696480791
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:1536:1cE1wCxBxgLrozFfSzWq/u+3s76aN2bm:1sQFFq/hsGaN2bm
                                                                                                                                                                                MD5:0FE522DE67B9EC0C0CA7AF3024D2579D
                                                                                                                                                                                SHA1:6DC78E0A9909233A07BF576A2BFC6D8012920A56
                                                                                                                                                                                SHA-256:76A4E51AD8F46AFE71A71DD815968320059914CFD7DF350AE5EA2F1755259A8C
                                                                                                                                                                                SHA-512:5943D21ED9AD94EF804979F1A69C0C808A21B52D831AD0F5C29830D612DC7B197090FDA7A2B6093369E0FADD8EFD10EFB9803B383B3BC3EC97E16C58010E37DF
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                File type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                Entropy (8bit):7.9915183198717425
                                                                                                                                                                                TrID:
                                                                                                                                                                                • Win64 Executable GUI (202006/5) 92.65%
                                                                                                                                                                                • Win64 Executable (generic) (12005/4) 5.51%
                                                                                                                                                                                • Generic Win/DOS Executable (2004/3) 0.92%
                                                                                                                                                                                • DOS Executable Generic (2002/1) 0.92%
                                                                                                                                                                                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                File name:cJ6xbAA5Rn.exe
                                                                                                                                                                                File size:9'068'491 bytes
                                                                                                                                                                                MD5:fc194128c1f7b9b1e338464b0861606b
                                                                                                                                                                                SHA1:acc1b8c717bb69c669e87b00dee4b9a58702ac44
                                                                                                                                                                                SHA256:32c196083c0fd09ff8abf4a8984c9b651360d9df9b002e206d07418f01819d58
                                                                                                                                                                                SHA512:265c9489c325b565b0da0ac6eea65e47a3f336c315b2e40cb504ae04599cff08286f436629a11d9b66ad7222a90c4342d0cc6d592a6d5d2b6512aab6ba54cbe6
                                                                                                                                                                                SSDEEP:196608:qWsUO2pzCedQmRJ8dA6lWIkaqdVTVrlVR8IDMqyUyDqZq+Ls:sW9dQuslWIwdfHRPy7Eq+Ls
                                                                                                                                                                                TLSH:9396334462581CDAF6B9463E44A2C23DF761BC1147A5E10F4BF08E7F2A237A13D7A7A1
                                                                                                                                                                                Icon Hash:0000000000000000
                                                                                                                                                                                Entrypoint:0x14000b310
                                                                                                                                                                                Entrypoint Section:.text
                                                                                                                                                                                Digitally signed:false
                                                                                                                                                                                Imagebase:0x140000000
                                                                                                                                                                                Subsystem:windows gui
                                                                                                                                                                                Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                                                                                                                                DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                                                                                                                                                                Time Stamp:0x66708A15 [Mon Jun 17 19:10:13 2024 UTC]
                                                                                                                                                                                TLS Callbacks:
                                                                                                                                                                                CLR (.Net) Version:
                                                                                                                                                                                OS Version Major:5
                                                                                                                                                                                OS Version Minor:2
                                                                                                                                                                                File Version Major:5
                                                                                                                                                                                File Version Minor:2
                                                                                                                                                                                Subsystem Version Major:5
                                                                                                                                                                                Subsystem Version Minor:2
                                                                                                                                                                                Import Hash:0b5552dccd9d0a834cea55c0c8fc05be
                                                                                                                                                                                Instruction
                                                                                                                                                                                dec eax
                                                                                                                                                                                sub esp, 28h
                                                                                                                                                                                call 00007F6A3060835Ch
                                                                                                                                                                                dec eax
                                                                                                                                                                                add esp, 28h
                                                                                                                                                                                jmp 00007F6A30607F6Fh
                                                                                                                                                                                int3
                                                                                                                                                                                int3
                                                                                                                                                                                int3
                                                                                                                                                                                int3
                                                                                                                                                                                int3
                                                                                                                                                                                int3
                                                                                                                                                                                int3
                                                                                                                                                                                int3
                                                                                                                                                                                int3
                                                                                                                                                                                int3
                                                                                                                                                                                int3
                                                                                                                                                                                int3
                                                                                                                                                                                int3
                                                                                                                                                                                int3
                                                                                                                                                                                dec eax
                                                                                                                                                                                sub esp, 28h
                                                                                                                                                                                call 00007F6A306088D4h
                                                                                                                                                                                test eax, eax
                                                                                                                                                                                je 00007F6A30608113h
                                                                                                                                                                                dec eax
                                                                                                                                                                                mov eax, dword ptr [00000030h]
                                                                                                                                                                                dec eax
                                                                                                                                                                                mov ecx, dword ptr [eax+08h]
                                                                                                                                                                                jmp 00007F6A306080F7h
                                                                                                                                                                                dec eax
                                                                                                                                                                                cmp ecx, eax
                                                                                                                                                                                je 00007F6A30608106h
                                                                                                                                                                                xor eax, eax
                                                                                                                                                                                dec eax
                                                                                                                                                                                cmpxchg dword ptr [0004121Ch], ecx
                                                                                                                                                                                jne 00007F6A306080E0h
                                                                                                                                                                                xor al, al
                                                                                                                                                                                dec eax
                                                                                                                                                                                add esp, 28h
                                                                                                                                                                                ret
                                                                                                                                                                                mov al, 01h
                                                                                                                                                                                jmp 00007F6A306080E9h
                                                                                                                                                                                int3
                                                                                                                                                                                int3
                                                                                                                                                                                int3
                                                                                                                                                                                inc eax
                                                                                                                                                                                push ebx
                                                                                                                                                                                dec eax
                                                                                                                                                                                sub esp, 20h
                                                                                                                                                                                movzx eax, byte ptr [00041207h]
                                                                                                                                                                                test ecx, ecx
                                                                                                                                                                                mov ebx, 00000001h
                                                                                                                                                                                cmove eax, ebx
                                                                                                                                                                                mov byte ptr [000411F7h], al
                                                                                                                                                                                call 00007F6A306086D3h
                                                                                                                                                                                call 00007F6A30609802h
                                                                                                                                                                                test al, al
                                                                                                                                                                                jne 00007F6A306080F6h
                                                                                                                                                                                xor al, al
                                                                                                                                                                                jmp 00007F6A30608106h
                                                                                                                                                                                call 00007F6A30615DE1h
                                                                                                                                                                                test al, al
                                                                                                                                                                                jne 00007F6A306080FBh
                                                                                                                                                                                xor ecx, ecx
                                                                                                                                                                                call 00007F6A30609812h
                                                                                                                                                                                jmp 00007F6A306080DCh
                                                                                                                                                                                mov al, bl
                                                                                                                                                                                dec eax
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3bd0c | 0x78 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x52000 | 0x45b0 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x4e000 | 0x20c4 | .pdata
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x57000 | 0x758 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x39480 | 0x1c | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x39340 | 0x140 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2a000 | 0x418 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x28800 | 0x28800 | 443d51fb84559b563832949912f06b00 | False | 0.5583465952932098 | data | 6.488023200564254 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x2a000 | 0x12b16 | 0x12c00 | 4a9e5354a48ceada50b6f127e0c00e1c | False | 0.5154817708333334 | data | 5.824649969195253 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x3d000 | 0x103f8 | 0xe00 | afabb66fdcd2825de5909f10c900fca7 | False | 0.13309151785714285 | DOS executable (block device driver \377\3) | 1.8096886543499544 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata | 0x4e000 | 0x20c4 | 0x2200 | 7b210ceebebc00c96d1c55c2b456bbb4 | False | 0.47794117647058826 | data | 5.274096406482418 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
_RDATA | 0x51000 | 0x15c | 0x200 | c059b775abce97446903f3597b027fae | False | 0.384765625 | data | 2.808567494642619 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0x52000 | 0x45b0 | 0x4600 | 2f21f0f1f34aace8af22977d1ea09577 | False | 0.12232142857142857 | data | 1.57291239083267 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x57000 | 0x758 | 0x800 | 11aaafc72361ec8886a740c3e209ceb3 | False | 0.544921875 | data | 5.2576643703968475 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x520e8 | 0x3f28 | Device independent bitmap graphic, 61 x 128 x 32, image size 16128 | | | 0.08411677387431965
RT_GROUP_ICON | 0x56010 | 0x14 | data | | | 1.1
RT_MANIFEST | 0x56024 | 0x58b | XML 1.0 document, ASCII text, with CRLF line terminators | | | 0.44538407329105
DLL | Import
USER32.dll | CreateWindowExW, MessageBoxW, MessageBoxA, SystemParametersInfoW, DestroyIcon, SetWindowLongPtrW, GetWindowLongPtrW, GetClientRect, InvalidateRect, ReleaseDC, GetDC, DrawTextW, GetDialogBaseUnits, EndDialog, DialogBoxIndirectParamW, MoveWindow, SendMessageW
COMCTL32.dll |
KERNEL32.dll | GetStringTypeW, GetFileAttributesExW, HeapReAlloc, FlushFileBuffers, GetCurrentDirectoryW, IsValidCodePage, GetACP, GetModuleHandleW, MulDiv, GetLastError, SetDllDirectoryW, GetModuleFileNameW, GetProcAddress, GetCommandLineW, GetEnvironmentVariableW, GetOEMCP, ExpandEnvironmentStringsW, CreateDirectoryW, GetTempPathW, WaitForSingleObject, Sleep, GetExitCodeProcess, CreateProcessW, GetStartupInfoW, FreeLibrary, LoadLibraryExW, SetConsoleCtrlHandler, FindClose, FindFirstFileExW, CloseHandle, GetCurrentProcess, LocalFree, FormatMessageW, MultiByteToWideChar, WideCharToMultiByte, GetCPInfo, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetProcessHeap, GetTimeZoneInformation, HeapSize, WriteConsoleW, SetEnvironmentVariableW, RtlUnwindEx, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, SetEndOfFile, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, RaiseException, RtlPcToFileHeader, GetCommandLineA, CreateFileW, GetDriveTypeW, GetFileInformationByHandle, GetFileType, PeekNamedPipe, SystemTimeToTzSpecificLocalTime, FileTimeToSystemTime, GetFullPathNameW, RemoveDirectoryW, FindNextFileW, SetStdHandle, DeleteFileW, ReadFile, GetStdHandle, WriteFile, ExitProcess, GetModuleHandleExW, HeapFree, GetConsoleMode, ReadConsoleW, SetFilePointerEx, GetConsoleOutputCP, GetFileSizeEx, HeapAlloc, FlsAlloc, FlsGetValue, FlsSetValue, FlsFree, CompareStringW, LCMapStringW
ADVAPI32.dll | OpenProcessToken, GetTokenInformation, ConvertStringSecurityDescriptorToSecurityDescriptorW, ConvertSidToStringSidW
GDI32.dll | SelectObject, DeleteObject, CreateFontIndirectW
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 6, 2024 17:40:19.367139101 CET | 49419 | 53 | 192.168.2.7 | 1.1.1.1
Dec 6, 2024 17:40:47.875161886 CET | 59123 | 53 | 192.168.2.7 | 1.1.1.1
Dec 6, 2024 17:40:48.013216019 CET | 53 | 59123 | 1.1.1.1 | 192.168.2.7
Dec 6, 2024 17:40:49.701342106 CET | 57938 | 53 | 192.168.2.7 | 1.1.1.1
Dec 6, 2024 17:40:49.847446918 CET | 53 | 57938 | 1.1.1.1 | 192.168.2.7
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 6, 2024 17:40:19.367139101 CET | 192.168.2.7 | 1.1.1.1 | 0x4a46 | Standard query (0) | time.windows.com | A (IP address) | IN (0x0001) | false
Dec 6, 2024 17:40:47.875161886 CET | 192.168.2.7 | 1.1.1.1 | 0x5f59 | Standard query (0) | ip-api.com | A (IP address) | IN (0x0001) | false
Dec 6, 2024 17:40:49.701342106 CET | 192.168.2.7 | 1.1.1.1 | 0x4db8 | Standard query (0) | pastebin.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 6, 2024 17:40:11.312026024 CET | 1.1.1.1 | 192.168.2.7 | 0x368 | No error (0) | bg.microsoft.map.fastly.net | | 199.232.210.172 | A (IP address) | IN (0x0001) | false
Dec 6, 2024 17:40:11.312026024 CET | 1.1.1.1 | 192.168.2.7 | 0x368 | No error (0) | bg.microsoft.map.fastly.net | | 199.232.214.172 | A (IP address) | IN (0x0001) | false
Dec 6, 2024 17:40:19.611007929 CET | 1.1.1.1 | 192.168.2.7 | 0x4a46 | No error (0) | time.windows.com | twc.trafficmanager.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 6, 2024 17:40:21.922683954 CET | 1.1.1.1 | 192.168.2.7 | 0x117c | No error (0) | shed.dual-low.s-part-0033.t-0009.t-msedge.net | s-part-0033.t-0009.t-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 6, 2024 17:40:21.922683954 CET | 1.1.1.1 | 192.168.2.7 | 0x117c | No error (0) | s-part-0033.t-0009.t-msedge.net | | 13.107.246.61 | A (IP address) | IN (0x0001) | false
Dec 6, 2024 17:40:48.013216019 CET | 1.1.1.1 | 192.168.2.7 | 0x5f59 | No error (0) | ip-api.com | | 208.95.112.1 | A (IP address) | IN (0x0001) | false
Dec 6, 2024 17:40:49.847446918 CET | 1.1.1.1 | 192.168.2.7 | 0x4db8 | No error (0) | pastebin.com | | 172.67.19.24 | A (IP address) | IN (0x0001) | false
Dec 6, 2024 17:40:49.847446918 CET | 1.1.1.1 | 192.168.2.7 | 0x4db8 | No error (0) | pastebin.com | | 104.20.4.235 | A (IP address) | IN (0x0001) | false
Dec 6, 2024 17:40:49.847446918 CET | 1.1.1.1 | 192.168.2.7 | 0x4db8 | No error (0) | pastebin.com | | 104.20.3.235 | A (IP address) | IN (0x0001) | false
• pastebin.com
• ip-api.com
• 64.23.128.101:8767
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.7 | 49767 | 208.95.112.1 | 80 | 6328 | C:\Users\user\Desktop\cJ6xbAA5Rn.exe

Timestamp | Bytes transferred | Direction | Data
Dec 6, 2024 17:40:48.139307022 CET | 125 | OUT | GET /json/ HTTP/1.1
Host: ip-api.com
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Python/3.10 aiohttp/3.8.1
Dec 6, 2024 17:40:49.292891979 CET | 483 | IN | HTTP/1.1 200 OK
Date: Fri, 06 Dec 2024 16:40:48 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 306
Access-Control-Allow-Origin: *
X-Ttl: 60
X-Rl: 44
Data Ascii: {"status":"success","country":"United States","countryCode":"US","region":"NY","regionName":"New York","city":"New York","zip":"10123","lat":40.7128,"lon":-74.006,"timezone":"America/New_York","isp":"Level 3","org":"CenturyLink Communications, LLC","as":"AS3356 Level 3 Parent, LLC","query":"8.46.123.228"}

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.7 | 49774 | 64.23.128.101 | 8767 | 6328 | C:\Users\user\Desktop\cJ6xbAA5Rn.exe
Timestamp | Bytes transferred | Direction | Data
Dec 6, 2024 17:40:51.891897917 CET | 268 | OUT | GET / HTTP/1.1
                                                                                                                                                                                Host: 64.23.128.101:8767
                                                                                                                                                                                Upgrade: websocket
                                                                                                                                                                                Connection: Upgrade
                                                                                                                                                                                Sec-WebSocket-Key: ggD9L9gsHOtc8OE8um6F9Q==
                                                                                                                                                                                Sec-WebSocket-Version: 13
                                                                                                                                                                                Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
                                                                                                                                                                                User-Agent: Python/3.10 websockets/12.0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.7 | 49773 | 172.67.19.24 | 443 | 6328 | C:\Users\user\Desktop\cJ6xbAA5Rn.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-06 16:40:51 UTC | 134 | OUT | GET /raw/D2WBNJMD HTTP/1.1
                                                                                                                                                                                Host: pastebin.com
                                                                                                                                                                                Accept: */*
                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                User-Agent: Python/3.10 aiohttp/3.8.1
2024-12-06 16:40:51 UTC | 391 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                Date: Fri, 06 Dec 2024 16:40:51 GMT
                                                                                                                                                                                Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                Connection: close
                                                                                                                                                                                x-frame-options: DENY
                                                                                                                                                                                x-content-type-options: nosniff
                                                                                                                                                                                x-xss-protection: 1;mode=block
                                                                                                                                                                                cache-control: public, max-age=1801
                                                                                                                                                                                CF-Cache-Status: EXPIRED
                                                                                                                                                                                Last-Modified: Fri, 06 Dec 2024 16:40:51 GMT
                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                CF-RAY: 8eddb8590a1441f8-EWR
2024-12-06 16:40:51 UTC | 40 | IN | Data Raw: 32 32 0d 0a 7b 22 75 72 6c 22 3a 20 22 77 73 3a 2f 2f 36 34 2e 32 33 2e 31 32 38 2e 31 30 31 3a 38 37 36 37 22 7d 0d 0a
                                                                                                                                                                                Data Ascii: 22{"url": "ws://64.23.128.101:8767"}
2024-12-06 16:40:51 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                Data Ascii: 0


                                                                                                                                                                                Target ID:0
                                                                                                                                                                                Start time:11:40:45
                                                                                                                                                                                Start date:06/12/2024
                                                                                                                                                                                Path:C:\Users\user\Desktop\cJ6xbAA5Rn.exe
                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                Commandline:"C:\Users\user\Desktop\cJ6xbAA5Rn.exe"
                                                                                                                                                                                Imagebase:0x7ff6ac3a0000
                                                                                                                                                                                File size:9'068'491 bytes
                                                                                                                                                                                MD5 hash:FC194128C1F7B9B1E338464B0861606B
                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                Reputation:low
                                                                                                                                                                                Has exited:false

                                                                                                                                                                                Target ID:2
                                                                                                                                                                                Start time:11:40:46
                                                                                                                                                                                Start date:06/12/2024
                                                                                                                                                                                Path:C:\Users\user\Desktop\cJ6xbAA5Rn.exe
                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                Commandline:"C:\Users\user\Desktop\cJ6xbAA5Rn.exe"
                                                                                                                                                                                Imagebase:0x7ff6ac3a0000
                                                                                                                                                                                File size:9'068'491 bytes
                                                                                                                                                                                MD5 hash:FC194128C1F7B9B1E338464B0861606B
                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                Reputation:low
                                                                                                                                                                                Has exited:false

                                                                                                                                                                                Target ID:3
                                                                                                                                                                                Start time:11:40:47
                                                                                                                                                                                Start date:06/12/2024
                                                                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                Commandline:C:\Windows\system32\cmd.exe /c "ver"
                                                                                                                                                                                Imagebase:0x7ff74dfb0000
                                                                                                                                                                                File size:289'792 bytes
                                                                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                Reputation:high
                                                                                                                                                                                Has exited:true

                                                                                                                                                                                Target ID:4
                                                                                                                                                                                Start time:11:40:48
                                                                                                                                                                                Start date:06/12/2024
                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                Imagebase:0x7ff75da10000
                                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                Reputation:high
                                                                                                                                                                                Has exited:true

                                                                                                                                                                                  Execution Graph

                                                                                                                                                                                  Execution Coverage:10.8%
                                                                                                                                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                  Signature Coverage:15.1%
                                                                                                                                                                                  Total number of Nodes:2000
                                                                                                                                                                                  Total number of Limit Nodes:40
7ff6ac3c126c 15308->15314 15308->15317 15309 7ff6ac3aad80 _wfindfirst32i64 8 API calls 15311 7ff6ac3c13ee 15309->15311 15311->15251 15318 7ff6ac3c1f60 15314->15318 15317->15309 15319 7ff6ac3b4a1c 45 API calls 15318->15319 15320 7ff6ac3c1fa2 15319->15320 15338 7ff6ac3be7f0 15320->15338 15340 7ff6ac3be7f9 MultiByteToWideChar 15338->15340 15395 7ff6ac3b8305 15394->15395 15399 7ff6ac3b81a1 15394->15399 15396 7ff6ac3b832e 15395->15396 15397 7ff6ac3b9e18 __free_lconv_num 11 API calls 15395->15397 15398 7ff6ac3b9e18 __free_lconv_num 11 API calls 15396->15398 15397->15395 15398->15399 15399->15178 15401 7ff6ac3c56e0 15400->15401 15402 7ff6ac3c56c9 15400->15402 15401->15402 15404 7ff6ac3c56ee 15401->15404 15403 7ff6ac3b4444 _get_daylight 11 API calls 15402->15403 15405 7ff6ac3c56ce 15403->15405 15407 7ff6ac3b4a1c 45 API calls 15404->15407 15408 7ff6ac3c56d9 15404->15408 15406 7ff6ac3b9db0 _invalid_parameter_noinfo 37 API calls 15405->15406 15406->15408 15407->15408 15408->14956 15410 7ff6ac3b4a1c 45 API calls 15409->15410 15411 7ff6ac3c83ad 15410->15411 15414 7ff6ac3c8004 15411->15414 15416 7ff6ac3c8052 15414->15416 15415 7ff6ac3aad80 _wfindfirst32i64 8 API calls 15417 7ff6ac3c6585 15415->15417 15418 7ff6ac3c80d9 15416->15418 15420 7ff6ac3c80c4 GetCPInfo 15416->15420 15423 7ff6ac3c80dd 15416->15423 15417->14956 15417->14958 15419 7ff6ac3be7f0 _fread_nolock MultiByteToWideChar 15418->15419 15418->15423 15421 7ff6ac3c8171 15419->15421 15420->15418 15420->15423 15422 7ff6ac3bcacc _fread_nolock 12 API calls 15421->15422 15421->15423 15424 7ff6ac3c81a8 15421->15424 15422->15424 15423->15415 15424->15423 15425 7ff6ac3be7f0 _fread_nolock MultiByteToWideChar 15424->15425 15426 7ff6ac3c8216 15425->15426 15427 7ff6ac3c82f8 15426->15427 15428 7ff6ac3be7f0 _fread_nolock MultiByteToWideChar 15426->15428 15427->15423 15429 7ff6ac3b9e18 __free_lconv_num 11 API calls 15427->15429 15430 7ff6ac3c823c 15428->15430 15429->15423 15430->15427 15431 7ff6ac3bcacc _fread_nolock 12 API calls 
15430->15431 15432 7ff6ac3c8269 15430->15432 15431->15432 15432->15427 15433 7ff6ac3be7f0 _fread_nolock MultiByteToWideChar 15432->15433 15434 7ff6ac3c82e0 15433->15434 15435 7ff6ac3c8300 15434->15435 15436 7ff6ac3c82e6 15434->15436 15443 7ff6ac3be010 15435->15443 15436->15427 15438 7ff6ac3b9e18 __free_lconv_num 11 API calls 15436->15438 15438->15427 15440 7ff6ac3c833f 15440->15423 15442 7ff6ac3b9e18 __free_lconv_num 11 API calls 15440->15442 15441 7ff6ac3b9e18 __free_lconv_num 11 API calls 15441->15440 15442->15423 15444 7ff6ac3bddb8 __crtLCMapStringW 5 API calls 15443->15444 15445 7ff6ac3be04e 15444->15445 15446 7ff6ac3be278 __crtLCMapStringW 5 API calls 15445->15446 15448 7ff6ac3be056 15445->15448 15447 7ff6ac3be0bf CompareStringW 15446->15447 15447->15448 15448->15440 15448->15441 15450 7ff6ac3c6fc1 15449->15450 15451 7ff6ac3c6fda HeapSize 15449->15451 15452 7ff6ac3b4444 _get_daylight 11 API calls 15450->15452 15453 7ff6ac3c6fc6 15452->15453 15454 7ff6ac3b9db0 _invalid_parameter_noinfo 37 API calls 15453->15454 15455 7ff6ac3c6fd1 15454->15455 15455->14962 15457 7ff6ac3bf9a1 15456->15457 15458 7ff6ac3bf9ab 15456->15458 15460 7ff6ac3bcacc _fread_nolock 12 API calls 15457->15460 15459 7ff6ac3bf9b0 15458->15459 15466 7ff6ac3bf9b7 _get_daylight 15458->15466 15461 7ff6ac3b9e18 __free_lconv_num 11 API calls 15459->15461 15464 7ff6ac3bf9a9 15460->15464 15461->15464 15462 7ff6ac3bf9bd 15465 7ff6ac3b4444 _get_daylight 11 API calls 15462->15465 15463 7ff6ac3bf9ea HeapReAlloc 15463->15464 15463->15466 15464->14967 15465->15464 15466->15462 15466->15463 15467 7ff6ac3c26b0 _get_daylight 2 API calls 15466->15467 15467->15466 15469 7ff6ac3bddb8 __crtLCMapStringW 5 API calls 15468->15469 15470 7ff6ac3bdfec 15469->15470 15470->14972 15472 7ff6ac3b452e 15471->15472 15473 7ff6ac3b4552 15471->15473 15477 7ff6ac3b9e18 __free_lconv_num 11 API calls 15472->15477 15480 7ff6ac3b453d 15472->15480 15474 7ff6ac3b4557 15473->15474 15475 7ff6ac3b45ac 15473->15475 15478 7ff6ac3b456c 
15474->15478 15474->15480 15481 7ff6ac3b9e18 __free_lconv_num 11 API calls 15474->15481 15476 7ff6ac3be7f0 _fread_nolock MultiByteToWideChar 15475->15476 15488 7ff6ac3b45c8 15476->15488 15477->15480 15482 7ff6ac3bcacc _fread_nolock 12 API calls 15478->15482 15479 7ff6ac3b45cf GetLastError 15493 7ff6ac3b43b8 15479->15493 15480->14975 15480->14976 15481->15478 15482->15480 15484 7ff6ac3b460a 15484->15480 15485 7ff6ac3be7f0 _fread_nolock MultiByteToWideChar 15484->15485 15489 7ff6ac3b464e 15485->15489 15487 7ff6ac3b45fd 15492 7ff6ac3bcacc _fread_nolock 12 API calls 15487->15492 15488->15479 15488->15484 15488->15487 15491 7ff6ac3b9e18 __free_lconv_num 11 API calls 15488->15491 15489->15479 15489->15480 15490 7ff6ac3b4444 _get_daylight 11 API calls 15490->15480 15491->15487 15492->15484 15494 7ff6ac3ba798 _get_daylight 11 API calls 15493->15494 15495 7ff6ac3b43c5 __free_lconv_num 15494->15495 15496 7ff6ac3ba798 _get_daylight 11 API calls 15495->15496 15497 7ff6ac3b43e7 15496->15497 15497->15490 18444 7ff6ac3ba4a0 18445 7ff6ac3ba4ba 18444->18445 18446 7ff6ac3ba4a5 18444->18446 18450 7ff6ac3ba4c0 18446->18450 18451 7ff6ac3ba50a 18450->18451 18452 7ff6ac3ba502 18450->18452 18454 7ff6ac3b9e18 __free_lconv_num 11 API calls 18451->18454 18453 7ff6ac3b9e18 __free_lconv_num 11 API calls 18452->18453 18453->18451 18455 7ff6ac3ba517 18454->18455 18456 7ff6ac3b9e18 __free_lconv_num 11 API calls 18455->18456 18457 7ff6ac3ba524 18456->18457 18458 7ff6ac3b9e18 __free_lconv_num 11 API calls 18457->18458 18459 7ff6ac3ba531 18458->18459 18460 7ff6ac3b9e18 __free_lconv_num 11 API calls 18459->18460 18461 7ff6ac3ba53e 18460->18461 18462 7ff6ac3b9e18 __free_lconv_num 11 API calls 18461->18462 18463 7ff6ac3ba54b 18462->18463 18464 7ff6ac3b9e18 __free_lconv_num 11 API calls 18463->18464 18465 7ff6ac3ba558 18464->18465 18466 7ff6ac3b9e18 __free_lconv_num 11 API calls 18465->18466 18467 7ff6ac3ba565 18466->18467 18468 7ff6ac3b9e18 __free_lconv_num 11 API calls 18467->18468 18469 7ff6ac3ba575 
18468->18469 18470 7ff6ac3b9e18 __free_lconv_num 11 API calls 18469->18470 18471 7ff6ac3ba585 18470->18471 18476 7ff6ac3ba364 18471->18476 18490 7ff6ac3bf788 EnterCriticalSection 18476->18490 15498 7ff6ac3ab19c 15519 7ff6ac3ab36c 15498->15519 15501 7ff6ac3ab2e8 15621 7ff6ac3ab69c IsProcessorFeaturePresent 15501->15621 15502 7ff6ac3ab1b8 __scrt_acquire_startup_lock 15504 7ff6ac3ab2f2 15502->15504 15509 7ff6ac3ab1d6 __scrt_release_startup_lock 15502->15509 15505 7ff6ac3ab69c 7 API calls 15504->15505 15507 7ff6ac3ab2fd __FrameHandler3::FrameUnwindToEmptyState 15505->15507 15506 7ff6ac3ab1fb 15508 7ff6ac3ab281 15525 7ff6ac3ab7e8 15508->15525 15509->15506 15509->15508 15610 7ff6ac3b8984 15509->15610 15511 7ff6ac3ab286 15528 7ff6ac3a1000 15511->15528 15516 7ff6ac3ab2a9 15516->15507 15617 7ff6ac3ab500 15516->15617 15628 7ff6ac3ab96c 15519->15628 15522 7ff6ac3ab1b0 15522->15501 15522->15502 15523 7ff6ac3ab39b __scrt_initialize_crt 15523->15522 15630 7ff6ac3acac8 15523->15630 15657 7ff6ac3ac210 15525->15657 15529 7ff6ac3a100b 15528->15529 15659 7ff6ac3a7600 15529->15659 15531 7ff6ac3a101d 15666 7ff6ac3b4f14 15531->15666 15533 7ff6ac3a367b 15673 7ff6ac3a1af0 15533->15673 15537 7ff6ac3aad80 _wfindfirst32i64 8 API calls 15538 7ff6ac3a37ae 15537->15538 15615 7ff6ac3ab82c GetModuleHandleW 15538->15615 15539 7ff6ac3a3699 15568 7ff6ac3a379a 15539->15568 15689 7ff6ac3a3b20 15539->15689 15541 7ff6ac3a36cb 15541->15568 15692 7ff6ac3a6990 15541->15692 15543 7ff6ac3a36e7 15544 7ff6ac3a3733 15543->15544 15545 7ff6ac3a6990 61 API calls 15543->15545 15707 7ff6ac3a6f90 15544->15707 15551 7ff6ac3a3708 __std_exception_destroy 15545->15551 15547 7ff6ac3a3748 15711 7ff6ac3a19d0 15547->15711 15550 7ff6ac3a383d 15553 7ff6ac3a3868 15550->15553 15816 7ff6ac3a3280 15550->15816 15551->15544 15556 7ff6ac3a6f90 58 API calls 15551->15556 15552 7ff6ac3a19d0 121 API calls 15555 7ff6ac3a377e 15552->15555 15564 7ff6ac3a38ab 15553->15564 15722 7ff6ac3a7a30 15553->15722 15559 7ff6ac3a37c0 15555->15559 15560 
7ff6ac3a3782 15555->15560 15556->15544 15558 7ff6ac3a3888 15561 7ff6ac3a389e SetDllDirectoryW 15558->15561 15562 7ff6ac3a388d 15558->15562 15559->15550 15793 7ff6ac3a3cb0 15559->15793 15780 7ff6ac3a2770 15560->15780 15561->15564 15565 7ff6ac3a2770 59 API calls 15562->15565 15736 7ff6ac3a5e40 15564->15736 15565->15568 15568->15537 15571 7ff6ac3a37e2 15576 7ff6ac3a2770 59 API calls 15571->15576 15572 7ff6ac3a3906 15579 7ff6ac3a39c6 15572->15579 15587 7ff6ac3a3919 15572->15587 15575 7ff6ac3a3810 15575->15550 15578 7ff6ac3a3815 15575->15578 15576->15568 15577 7ff6ac3a38c8 15577->15572 15830 7ff6ac3a5640 15577->15830 15812 7ff6ac3af2ac 15578->15812 15740 7ff6ac3a3110 15579->15740 15585 7ff6ac3a38dd 15850 7ff6ac3a55d0 15585->15850 15586 7ff6ac3a38fc 15924 7ff6ac3a5890 15586->15924 15592 7ff6ac3a3965 15587->15592 15930 7ff6ac3a1b30 15587->15930 15592->15568 15934 7ff6ac3a30b0 15592->15934 15593 7ff6ac3a38e7 15593->15586 15595 7ff6ac3a38eb 15593->15595 15594 7ff6ac3a39fb 15596 7ff6ac3a6990 61 API calls 15594->15596 15918 7ff6ac3a5c90 15595->15918 15601 7ff6ac3a3a07 15596->15601 15599 7ff6ac3a39a1 15602 7ff6ac3a5890 FreeLibrary 15599->15602 15601->15568 15757 7ff6ac3a6fd0 15601->15757 15602->15568 15611 7ff6ac3b89bc 15610->15611 15612 7ff6ac3b899b 15610->15612 18194 7ff6ac3b90d8 15611->18194 15612->15508 15616 7ff6ac3ab83d 15615->15616 15616->15516 15619 7ff6ac3ab511 15617->15619 15618 7ff6ac3ab2c0 15618->15506 15619->15618 15620 7ff6ac3acac8 __scrt_initialize_crt 7 API calls 15619->15620 15620->15618 15622 7ff6ac3ab6c2 _wfindfirst32i64 memcpy_s 15621->15622 15623 7ff6ac3ab6e1 RtlCaptureContext RtlLookupFunctionEntry 15622->15623 15624 7ff6ac3ab746 memcpy_s 15623->15624 15625 7ff6ac3ab70a RtlVirtualUnwind 15623->15625 15626 7ff6ac3ab778 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 15624->15626 15625->15624 15627 7ff6ac3ab7ca _wfindfirst32i64 15626->15627 15627->15504 15629 7ff6ac3ab38e __scrt_dllmain_crt_thread_attach 15628->15629 15629->15522 
15629->15523 15631 7ff6ac3acad0 15630->15631 15632 7ff6ac3acada 15630->15632 15636 7ff6ac3ace44 15631->15636 15632->15522 15637 7ff6ac3acad5 15636->15637 15638 7ff6ac3ace53 15636->15638 15640 7ff6ac3aceb0 15637->15640 15644 7ff6ac3ad080 15638->15644 15641 7ff6ac3acedb 15640->15641 15642 7ff6ac3acebe DeleteCriticalSection 15641->15642 15643 7ff6ac3acedf 15641->15643 15642->15641 15643->15632 15648 7ff6ac3acee8 15644->15648 15649 7ff6ac3ad002 TlsFree 15648->15649 15655 7ff6ac3acf2c __vcrt_FlsAlloc 15648->15655 15650 7ff6ac3acf5a LoadLibraryExW 15652 7ff6ac3acfd1 15650->15652 15653 7ff6ac3acf7b GetLastError 15650->15653 15651 7ff6ac3acff1 GetProcAddress 15651->15649 15652->15651 15654 7ff6ac3acfe8 FreeLibrary 15652->15654 15653->15655 15654->15651 15655->15649 15655->15650 15655->15651 15656 7ff6ac3acf9d LoadLibraryExW 15655->15656 15656->15652 15656->15655 15658 7ff6ac3ab7ff GetStartupInfoW 15657->15658 15658->15511 15661 7ff6ac3a761f 15659->15661 15660 7ff6ac3a7670 WideCharToMultiByte 15660->15661 15662 7ff6ac3a7718 15660->15662 15661->15660 15661->15662 15663 7ff6ac3a76c6 WideCharToMultiByte 15661->15663 15665 7ff6ac3a7627 __std_exception_destroy 15661->15665 15989 7ff6ac3a2620 15662->15989 15663->15661 15663->15662 15665->15531 15669 7ff6ac3bec40 15666->15669 15667 7ff6ac3bec93 15668 7ff6ac3b9ce4 _invalid_parameter_noinfo 37 API calls 15667->15668 15672 7ff6ac3becbc 15668->15672 15669->15667 15670 7ff6ac3bece6 15669->15670 16320 7ff6ac3beb18 15670->16320 15672->15533 15674 7ff6ac3a1b05 15673->15674 15675 7ff6ac3a1b20 15674->15675 16328 7ff6ac3a24d0 15674->16328 15675->15568 15677 7ff6ac3a3ba0 15675->15677 15678 7ff6ac3aadb0 15677->15678 15679 7ff6ac3a3bac GetModuleFileNameW 15678->15679 15680 7ff6ac3a3bf2 15679->15680 15681 7ff6ac3a3bdb 15679->15681 16368 7ff6ac3a7b40 15680->16368 15683 7ff6ac3a2620 57 API calls 15681->15683 15685 7ff6ac3a3bee 15683->15685 15687 7ff6ac3aad80 _wfindfirst32i64 8 API calls 15685->15687 15686 7ff6ac3a2770 59 API calls 15686->15685 
15688 7ff6ac3a3c2f 15687->15688 15688->15539 15690 7ff6ac3a1b30 49 API calls 15689->15690 15691 7ff6ac3a3b3d 15690->15691 15691->15541 15693 7ff6ac3a699a 15692->15693 15694 7ff6ac3a7a30 57 API calls 15693->15694 15695 7ff6ac3a69bc GetEnvironmentVariableW 15694->15695 15696 7ff6ac3a69d4 ExpandEnvironmentStringsW 15695->15696 15697 7ff6ac3a6a26 15695->15697 15699 7ff6ac3a7b40 59 API calls 15696->15699 15698 7ff6ac3aad80 _wfindfirst32i64 8 API calls 15697->15698 15700 7ff6ac3a6a38 15698->15700 15701 7ff6ac3a69fc 15699->15701 15700->15543 15701->15697 15702 7ff6ac3a6a06 15701->15702 16379 7ff6ac3b910c 15702->16379 15705 7ff6ac3aad80 _wfindfirst32i64 8 API calls 15706 7ff6ac3a6a1e 15705->15706 15706->15543 15708 7ff6ac3a7a30 57 API calls 15707->15708 15709 7ff6ac3a6fa7 SetEnvironmentVariableW 15708->15709 15710 7ff6ac3a6fbf __std_exception_destroy 15709->15710 15710->15547 15712 7ff6ac3a1b30 49 API calls 15711->15712 15713 7ff6ac3a1a00 15712->15713 15714 7ff6ac3a1b30 49 API calls 15713->15714 15721 7ff6ac3a1a7a 15713->15721 15715 7ff6ac3a1a22 15714->15715 15716 7ff6ac3a3b20 49 API calls 15715->15716 15715->15721 15717 7ff6ac3a1a3b 15716->15717 16386 7ff6ac3a17b0 15717->16386 15720 7ff6ac3af2ac 74 API calls 15720->15721 15721->15550 15721->15552 15723 7ff6ac3a7a51 MultiByteToWideChar 15722->15723 15724 7ff6ac3a7ad7 MultiByteToWideChar 15722->15724 15725 7ff6ac3a7a77 15723->15725 15726 7ff6ac3a7a9c 15723->15726 15727 7ff6ac3a7b1f 15724->15727 15728 7ff6ac3a7afa 15724->15728 15729 7ff6ac3a2620 55 API calls 15725->15729 15726->15724 15733 7ff6ac3a7ab2 15726->15733 15727->15558 15730 7ff6ac3a2620 55 API calls 15728->15730 15731 7ff6ac3a7a8a 15729->15731 15732 7ff6ac3a7b0d 15730->15732 15731->15558 15732->15558 15734 7ff6ac3a2620 55 API calls 15733->15734 15735 7ff6ac3a7ac5 15734->15735 15735->15558 15737 7ff6ac3a5e55 15736->15737 15738 7ff6ac3a38b0 15737->15738 15739 7ff6ac3a24d0 59 API calls 15737->15739 15738->15572 15820 7ff6ac3a5ae0 15738->15820 15739->15738 15741 
7ff6ac3a31c4 15740->15741 15749 7ff6ac3a3183 15740->15749 15742 7ff6ac3a3203 15741->15742 15743 7ff6ac3a1ab0 74 API calls 15741->15743 15744 7ff6ac3aad80 _wfindfirst32i64 8 API calls 15742->15744 15743->15741 15745 7ff6ac3a3215 15744->15745 15745->15568 15750 7ff6ac3a6f20 15745->15750 15749->15741 16459 7ff6ac3a1440 15749->16459 16493 7ff6ac3a2990 15749->16493 16548 7ff6ac3a1780 15749->16548 15751 7ff6ac3a7a30 57 API calls 15750->15751 15752 7ff6ac3a6f3f 15751->15752 15753 7ff6ac3a7a30 57 API calls 15752->15753 15754 7ff6ac3a6f4f 15753->15754 15755 7ff6ac3b66b4 38 API calls 15754->15755 15756 7ff6ac3a6f5d __std_exception_destroy 15755->15756 15756->15594 15758 7ff6ac3a6fe0 15757->15758 15759 7ff6ac3a7a30 57 API calls 15758->15759 15760 7ff6ac3a7011 SetConsoleCtrlHandler GetStartupInfoW 15759->15760 15761 7ff6ac3a7072 15760->15761 17366 7ff6ac3b9184 15761->17366 15765 7ff6ac3a7081 15766 7ff6ac3b9184 _fread_nolock 37 API calls 15765->15766 15767 7ff6ac3a70a0 15766->15767 15781 7ff6ac3a2790 15780->15781 15782 7ff6ac3b3be4 49 API calls 15781->15782 15783 7ff6ac3a27dd memcpy_s 15782->15783 15784 7ff6ac3a7a30 57 API calls 15783->15784 15785 7ff6ac3a280a 15784->15785 15786 7ff6ac3a280f 15785->15786 15787 7ff6ac3a2849 MessageBoxA 15785->15787 15788 7ff6ac3a7a30 57 API calls 15786->15788 15789 7ff6ac3a2863 15787->15789 15790 7ff6ac3a2829 MessageBoxW 15788->15790 15791 7ff6ac3aad80 _wfindfirst32i64 8 API calls 15789->15791 15790->15789 15792 7ff6ac3a2873 15791->15792 15792->15568 15794 7ff6ac3a3cbc 15793->15794 15795 7ff6ac3a7a30 57 API calls 15794->15795 15796 7ff6ac3a3ce7 15795->15796 15797 7ff6ac3a7a30 57 API calls 15796->15797 15798 7ff6ac3a3cfa 15797->15798 17384 7ff6ac3b54c8 15798->17384 15801 7ff6ac3aad80 _wfindfirst32i64 8 API calls 15802 7ff6ac3a37da 15801->15802 15802->15571 15803 7ff6ac3a7200 15802->15803 15804 7ff6ac3a7224 15803->15804 15805 7ff6ac3af934 73 API calls 15804->15805 15810 7ff6ac3a72fb __std_exception_destroy 15804->15810 15806 7ff6ac3a723e 
15805->15806 15806->15810 17763 7ff6ac3b7938 15806->17763 15808 7ff6ac3af934 73 API calls 15811 7ff6ac3a7253 15808->15811 15809 7ff6ac3af5fc _fread_nolock 53 API calls 15809->15811 15810->15575 15811->15808 15811->15809 15811->15810 15813 7ff6ac3af2dc 15812->15813 17778 7ff6ac3af088 15813->17778 15815 7ff6ac3af2f5 15815->15571 15817 7ff6ac3a3297 15816->15817 15818 7ff6ac3a32c0 15816->15818 15817->15818 15819 7ff6ac3a1780 59 API calls 15817->15819 15818->15553 15819->15817 15821 7ff6ac3a5b04 15820->15821 15825 7ff6ac3a5b31 15820->15825 15822 7ff6ac3a5b2c 15821->15822 15823 7ff6ac3a1780 59 API calls 15821->15823 15821->15825 15829 7ff6ac3a5b27 memcpy_s __std_exception_destroy 15821->15829 17789 7ff6ac3a12b0 15822->17789 15823->15821 15825->15829 17815 7ff6ac3a3d30 15825->17815 15827 7ff6ac3a5b97 15828 7ff6ac3a2770 59 API calls 15827->15828 15827->15829 15828->15829 15829->15577 15844 7ff6ac3a565a memcpy_s 15830->15844 15832 7ff6ac3a577f 15834 7ff6ac3a3d30 49 API calls 15832->15834 15833 7ff6ac3a579b 15836 7ff6ac3a2770 59 API calls 15833->15836 15835 7ff6ac3a57f8 15834->15835 15839 7ff6ac3a3d30 49 API calls 15835->15839 15840 7ff6ac3a5791 __std_exception_destroy 15836->15840 15837 7ff6ac3a3d30 49 API calls 15837->15844 15838 7ff6ac3a5760 15838->15832 15841 7ff6ac3a3d30 49 API calls 15838->15841 15842 7ff6ac3a5828 15839->15842 15843 7ff6ac3aad80 _wfindfirst32i64 8 API calls 15840->15843 15841->15832 15846 7ff6ac3a3d30 49 API calls 15842->15846 15845 7ff6ac3a38d9 15843->15845 15844->15832 15844->15833 15844->15837 15844->15838 15844->15844 15847 7ff6ac3a1440 161 API calls 15844->15847 15848 7ff6ac3a5781 15844->15848 17818 7ff6ac3a1650 15844->17818 15845->15585 15845->15586 15846->15840 15847->15844 15849 7ff6ac3a2770 59 API calls 15848->15849 15849->15840 17823 7ff6ac3a71b0 15850->17823 15852 7ff6ac3a55e2 15853 7ff6ac3a71b0 58 API calls 15852->15853 15854 7ff6ac3a55f5 15853->15854 15855 7ff6ac3a561a 15854->15855 15856 7ff6ac3a560d GetProcAddress 15854->15856 15857 
7ff6ac3a2770 59 API calls 15855->15857 15860 7ff6ac3a5f79 15856->15860 15861 7ff6ac3a5f9c GetProcAddress 15856->15861 15859 7ff6ac3a5626 15857->15859 15859->15593 15863 7ff6ac3a2620 57 API calls 15860->15863 15861->15860 15862 7ff6ac3a5fc1 GetProcAddress 15861->15862 15862->15860 15864 7ff6ac3a5fe6 GetProcAddress 15862->15864 15865 7ff6ac3a5f8c 15863->15865 15864->15860 15866 7ff6ac3a600e GetProcAddress 15864->15866 15865->15593 15866->15860 15867 7ff6ac3a6036 GetProcAddress 15866->15867 15867->15860 15868 7ff6ac3a605e GetProcAddress 15867->15868 15869 7ff6ac3a6086 GetProcAddress 15868->15869 15870 7ff6ac3a607a 15868->15870 15871 7ff6ac3a60ae GetProcAddress 15869->15871 15872 7ff6ac3a60a2 15869->15872 15870->15869 15872->15871 15919 7ff6ac3a5cb4 15918->15919 15920 7ff6ac3a2770 59 API calls 15919->15920 15923 7ff6ac3a38fa 15919->15923 15921 7ff6ac3a5d0e 15920->15921 15922 7ff6ac3a5890 FreeLibrary 15921->15922 15922->15923 15923->15572 15925 7ff6ac3a58bd 15924->15925 15926 7ff6ac3a58a2 15924->15926 15925->15572 15926->15925 15927 7ff6ac3a5980 15926->15927 17827 7ff6ac3a7190 FreeLibrary 15926->17827 15927->15925 17828 7ff6ac3a7190 FreeLibrary 15927->17828 15931 7ff6ac3a1b55 15930->15931 15932 7ff6ac3b3be4 49 API calls 15931->15932 15933 7ff6ac3a1b78 15932->15933 15933->15592 17829 7ff6ac3a4960 15934->17829 15937 7ff6ac3a30fd 15937->15599 15939 7ff6ac3a30d4 15939->15937 17885 7ff6ac3a46e0 15939->17885 15941 7ff6ac3a30e0 15941->15937 17895 7ff6ac3a4840 15941->17895 16008 7ff6ac3aadb0 15989->16008 15992 7ff6ac3a2669 16010 7ff6ac3b3be4 15992->16010 15997 7ff6ac3a1b30 49 API calls 15998 7ff6ac3a26c8 memcpy_s 15997->15998 15999 7ff6ac3a7a30 54 API calls 15998->15999 16000 7ff6ac3a26f5 15999->16000 16001 7ff6ac3a2734 MessageBoxA 16000->16001 16002 7ff6ac3a26fa 16000->16002 16003 7ff6ac3a274e 16001->16003 16004 7ff6ac3a7a30 54 API calls 16002->16004 16005 7ff6ac3aad80 _wfindfirst32i64 8 API calls 16003->16005 16006 7ff6ac3a2714 MessageBoxW 16004->16006 16007 7ff6ac3a275e 
16005->16007 16006->16003 16007->15665 16009 7ff6ac3a263c GetLastError 16008->16009 16009->15992 16011 7ff6ac3b3c3e 16010->16011 16012 7ff6ac3b3c63 16011->16012 16014 7ff6ac3b3c9f 16011->16014 16013 7ff6ac3b9ce4 _invalid_parameter_noinfo 37 API calls 16012->16013 16016 7ff6ac3b3c8d 16013->16016 16040 7ff6ac3b1e70 16014->16040 16018 7ff6ac3aad80 _wfindfirst32i64 8 API calls 16016->16018 16020 7ff6ac3a2699 16018->16020 16019 7ff6ac3b9e18 __free_lconv_num 11 API calls 16019->16016 16028 7ff6ac3a74b0 16020->16028 16021 7ff6ac3b3d7c 16021->16019 16022 7ff6ac3b3da0 16022->16021 16024 7ff6ac3b3daa 16022->16024 16023 7ff6ac3b3d51 16025 7ff6ac3b9e18 __free_lconv_num 11 API calls 16023->16025 16027 7ff6ac3b9e18 __free_lconv_num 11 API calls 16024->16027 16025->16016 16026 7ff6ac3b3d48 16026->16021 16026->16023 16027->16016 16029 7ff6ac3a74bc 16028->16029 16030 7ff6ac3a74d7 GetLastError 16029->16030 16031 7ff6ac3a74dd FormatMessageW 16029->16031 16030->16031 16032 7ff6ac3a7510 16031->16032 16033 7ff6ac3a752c WideCharToMultiByte 16031->16033 16034 7ff6ac3a2620 54 API calls 16032->16034 16035 7ff6ac3a7566 16033->16035 16036 7ff6ac3a7523 16033->16036 16034->16036 16037 7ff6ac3a2620 54 API calls 16035->16037 16038 7ff6ac3aad80 _wfindfirst32i64 8 API calls 16036->16038 16037->16036 16039 7ff6ac3a26a0 16038->16039 16039->15997 16041 7ff6ac3b1eae 16040->16041 16042 7ff6ac3b1e9e 16040->16042 16043 7ff6ac3b1eb7 16041->16043 16050 7ff6ac3b1ee5 16041->16050 16044 7ff6ac3b9ce4 _invalid_parameter_noinfo 37 API calls 16042->16044 16045 7ff6ac3b9ce4 _invalid_parameter_noinfo 37 API calls 16043->16045 16046 7ff6ac3b1edd 16044->16046 16045->16046 16046->16021 16046->16022 16046->16023 16046->16026 16049 7ff6ac3b2194 16052 7ff6ac3b9ce4 _invalid_parameter_noinfo 37 API calls 16049->16052 16050->16042 16050->16046 16050->16049 16054 7ff6ac3b2800 16050->16054 16080 7ff6ac3b24c8 16050->16080 16110 7ff6ac3b1d50 16050->16110 16113 7ff6ac3b3a20 16050->16113 16052->16042 16055 7ff6ac3b28b5 
16054->16055 16056 7ff6ac3b2842 16054->16056 16059 7ff6ac3b290f 16055->16059 16060 7ff6ac3b28ba 16055->16060 16057 7ff6ac3b28df 16056->16057 16058 7ff6ac3b2848 16056->16058 16137 7ff6ac3b0db0 16057->16137 16066 7ff6ac3b284d 16058->16066 16069 7ff6ac3b291e 16058->16069 16059->16057 16059->16069 16078 7ff6ac3b2878 16059->16078 16061 7ff6ac3b28ef 16060->16061 16062 7ff6ac3b28bc 16060->16062 16144 7ff6ac3b09a0 16061->16144 16064 7ff6ac3b285d 16062->16064 16068 7ff6ac3b28cb 16062->16068 16079 7ff6ac3b294d 16064->16079 16119 7ff6ac3b3164 16064->16119 16066->16064 16070 7ff6ac3b2890 16066->16070 16066->16078 16068->16057 16072 7ff6ac3b28d0 16068->16072 16069->16079 16151 7ff6ac3b11c0 16069->16151 16070->16079 16129 7ff6ac3b3620 16070->16129 16072->16079 16133 7ff6ac3b37b8 16072->16133 16074 7ff6ac3aad80 _wfindfirst32i64 8 API calls 16076 7ff6ac3b2be3 16074->16076 16076->16050 16078->16079 16158 7ff6ac3bda00 16078->16158 16079->16074 16081 7ff6ac3b24d3 16080->16081 16082 7ff6ac3b24e9 16080->16082 16084 7ff6ac3b28b5 16081->16084 16085 7ff6ac3b2842 16081->16085 16086 7ff6ac3b2527 16081->16086 16083 7ff6ac3b9ce4 _invalid_parameter_noinfo 37 API calls 16082->16083 16082->16086 16083->16086 16089 7ff6ac3b290f 16084->16089 16090 7ff6ac3b28ba 16084->16090 16087 7ff6ac3b28df 16085->16087 16088 7ff6ac3b2848 16085->16088 16086->16050 16093 7ff6ac3b0db0 38 API calls 16087->16093 16097 7ff6ac3b284d 16088->16097 16100 7ff6ac3b291e 16088->16100 16089->16087 16089->16100 16108 7ff6ac3b2878 16089->16108 16091 7ff6ac3b28ef 16090->16091 16092 7ff6ac3b28bc 16090->16092 16095 7ff6ac3b09a0 38 API calls 16091->16095 16094 7ff6ac3b285d 16092->16094 16098 7ff6ac3b28cb 16092->16098 16093->16108 16096 7ff6ac3b3164 47 API calls 16094->16096 16109 7ff6ac3b294d 16094->16109 16095->16108 16096->16108 16097->16094 16099 7ff6ac3b2890 16097->16099 16097->16108 16098->16087 16102 7ff6ac3b28d0 16098->16102 16103 7ff6ac3b3620 47 API calls 16099->16103 16099->16109 16101 7ff6ac3b11c0 38 API calls 16100->16101 
16100->16109 16101->16108 16105 7ff6ac3b37b8 37 API calls 16102->16105 16102->16109 16103->16108 16104 7ff6ac3aad80 _wfindfirst32i64 8 API calls 16106 7ff6ac3b2be3 16104->16106 16105->16108 16106->16050 16107 7ff6ac3bda00 47 API calls 16107->16108 16108->16107 16108->16109 16109->16104 16295 7ff6ac3aff74 16110->16295 16114 7ff6ac3b3a37 16113->16114 16312 7ff6ac3bcb60 16114->16312 16120 7ff6ac3b3186 16119->16120 16168 7ff6ac3afde0 16120->16168 16125 7ff6ac3b3a20 45 API calls 16126 7ff6ac3b32c3 16125->16126 16127 7ff6ac3b3a20 45 API calls 16126->16127 16128 7ff6ac3b334c 16126->16128 16127->16128 16128->16078 16130 7ff6ac3b3638 16129->16130 16132 7ff6ac3b36a0 16129->16132 16131 7ff6ac3bda00 47 API calls 16130->16131 16130->16132 16131->16132 16132->16078 16136 7ff6ac3b37d9 16133->16136 16134 7ff6ac3b9ce4 _invalid_parameter_noinfo 37 API calls 16135 7ff6ac3b380a 16134->16135 16135->16078 16136->16134 16136->16135 16138 7ff6ac3b0de3 16137->16138 16139 7ff6ac3b0e12 16138->16139 16141 7ff6ac3b0ecf 16138->16141 16140 7ff6ac3afde0 12 API calls 16139->16140 16143 7ff6ac3b0e4f 16139->16143 16140->16143 16142 7ff6ac3b9ce4 _invalid_parameter_noinfo 37 API calls 16141->16142 16142->16143 16143->16078 16145 7ff6ac3b09d3 16144->16145 16146 7ff6ac3b0a02 16145->16146 16148 7ff6ac3b0abf 16145->16148 16147 7ff6ac3afde0 12 API calls 16146->16147 16150 7ff6ac3b0a3f 16146->16150 16147->16150 16149 7ff6ac3b9ce4 _invalid_parameter_noinfo 37 API calls 16148->16149 16149->16150 16150->16078 16152 7ff6ac3b11f3 16151->16152 16153 7ff6ac3b1222 16152->16153 16155 7ff6ac3b12df 16152->16155 16154 7ff6ac3afde0 12 API calls 16153->16154 16157 7ff6ac3b125f 16153->16157 16154->16157 16156 7ff6ac3b9ce4 _invalid_parameter_noinfo 37 API calls 16155->16156 16156->16157 16157->16078 16159 7ff6ac3bda28 16158->16159 16160 7ff6ac3bda6d 16159->16160 16161 7ff6ac3b3a20 45 API calls 16159->16161 16162 7ff6ac3bda2d memcpy_s 16159->16162 16167 7ff6ac3bda56 memcpy_s 16159->16167 16160->16162 16164 7ff6ac3bf0b8 
__free_lconv_num 11 API calls 18561->18563 18565 7ff6ac3b9e18 __free_lconv_num 11 API calls 18562->18565 18564 7ff6ac3b7f8c 18563->18564 18566 7ff6ac3b9e18 __free_lconv_num 11 API calls 18564->18566 18565->18557 18566->18559 18569 7ff6ac3ab546 18568->18569 18571 7ff6ac3ab53f 18568->18571 18572 7ff6ac3b8eec 18569->18572 18571->18542 18575 7ff6ac3b8b28 18572->18575 18582 7ff6ac3bf788 EnterCriticalSection 18575->18582 18584 7ff6ac3b7e5c 18583->18584 18585 7ff6ac3b7e24 18583->18585 18584->18553 18584->18558 18585->18584 18586 7ff6ac3bdd40 _get_daylight 11 API calls 18585->18586 18587 7ff6ac3b7e52 18586->18587 18588 7ff6ac3b9e18 __free_lconv_num 11 API calls 18587->18588 18588->18584 18695 7ff6ac3b8a50 18698 7ff6ac3b89d0 18695->18698 18705 7ff6ac3bf788 EnterCriticalSection 18698->18705 18706 7ff6ac3c9664 18709 7ff6ac3b42f8 LeaveCriticalSection 18706->18709 19254 7ff6ac3c94de 19255 7ff6ac3c94ee 19254->19255 19258 7ff6ac3b42f8 LeaveCriticalSection 19255->19258 18199 7ff6ac3be8dc 18200 7ff6ac3beace 18199->18200 18202 7ff6ac3be91e _isindst 18199->18202 18201 7ff6ac3b4444 _get_daylight 11 API calls 18200->18201 18219 7ff6ac3beabe 18201->18219 18202->18200 18205 7ff6ac3be99e _isindst 18202->18205 18203 7ff6ac3aad80 _wfindfirst32i64 8 API calls 18204 7ff6ac3beae9 18203->18204 18220 7ff6ac3c53b4 18205->18220 18210 7ff6ac3beafa 18212 7ff6ac3b9dd0 _wfindfirst32i64 17 API calls 18210->18212 18214 7ff6ac3beb0e 18212->18214 18217 7ff6ac3be9fb 18217->18219 18245 7ff6ac3c53f8 18217->18245 18219->18203 18221 7ff6ac3be9bc 18220->18221 18222 7ff6ac3c53c3 18220->18222 18227 7ff6ac3c47b8 18221->18227 18252 7ff6ac3bf788 EnterCriticalSection 18222->18252 18228 7ff6ac3c47c1 18227->18228 18229 7ff6ac3be9d1 18227->18229 18230 7ff6ac3b4444 _get_daylight 11 API calls 18228->18230 18229->18210 18233 7ff6ac3c47e8 18229->18233 18231 7ff6ac3c47c6 18230->18231 18232 7ff6ac3b9db0 _invalid_parameter_noinfo 37 API calls 18231->18232 18232->18229 18234 7ff6ac3c47f1 18233->18234 18238 7ff6ac3be9e2 
18233->18238 18235 7ff6ac3b4444 _get_daylight 11 API calls 18234->18235 18236 7ff6ac3c47f6 18235->18236 18237 7ff6ac3b9db0 _invalid_parameter_noinfo 37 API calls 18236->18237 18237->18238 18238->18210 18239 7ff6ac3c4818 18238->18239 18240 7ff6ac3c4821 18239->18240 18241 7ff6ac3be9f3 18239->18241 18242 7ff6ac3b4444 _get_daylight 11 API calls 18240->18242 18241->18210 18241->18217 18243 7ff6ac3c4826 18242->18243 18244 7ff6ac3b9db0 _invalid_parameter_noinfo 37 API calls 18243->18244 18244->18241 18253 7ff6ac3bf788 EnterCriticalSection 18245->18253 14685 7ff6ac3aa370 14686 7ff6ac3aa39e 14685->14686 14687 7ff6ac3aa385 14685->14687 14687->14686 14690 7ff6ac3bcacc 14687->14690 14691 7ff6ac3bcb17 14690->14691 14692 7ff6ac3bcadb _get_daylight 14690->14692 14700 7ff6ac3b4444 14691->14700 14692->14691 14694 7ff6ac3bcafe HeapAlloc 14692->14694 14697 7ff6ac3c26b0 14692->14697 14694->14692 14695 7ff6ac3aa3fc 14694->14695 14703 7ff6ac3c26f0 14697->14703 14709 7ff6ac3ba798 GetLastError 14700->14709 14702 7ff6ac3b444d 14702->14695 14708 7ff6ac3bf788 EnterCriticalSection 14703->14708 14710 7ff6ac3ba7d9 FlsSetValue 14709->14710 14712 7ff6ac3ba7bc 14709->14712 14711 7ff6ac3ba7eb 14710->14711 14723 7ff6ac3ba7c9 SetLastError 14710->14723 14726 7ff6ac3bdd40 14711->14726 14712->14710 14712->14723 14716 7ff6ac3ba818 FlsSetValue 14718 7ff6ac3ba824 FlsSetValue 14716->14718 14719 7ff6ac3ba836 14716->14719 14717 7ff6ac3ba808 FlsSetValue 14720 7ff6ac3ba811 14717->14720 14718->14720 14739 7ff6ac3ba3c4 14719->14739 14733 7ff6ac3b9e18 14720->14733 14723->14702 14727 7ff6ac3bdd51 _get_daylight 14726->14727 14728 7ff6ac3bdda2 14727->14728 14729 7ff6ac3bdd86 HeapAlloc 14727->14729 14732 7ff6ac3c26b0 _get_daylight 2 API calls 14727->14732 14731 7ff6ac3b4444 _get_daylight 10 API calls 14728->14731 14729->14727 14730 7ff6ac3ba7fa 14729->14730 14730->14716 14730->14717 14731->14730 14732->14727 14734 7ff6ac3b9e4c 14733->14734 14735 7ff6ac3b9e1d RtlFreeHeap 14733->14735 14734->14723 14735->14734 14736 
7ff6ac3b9e38 GetLastError 14735->14736 14737 7ff6ac3b9e45 __free_lconv_num 14736->14737 14738 7ff6ac3b4444 _get_daylight 9 API calls 14737->14738 14738->14734 14744 7ff6ac3ba29c 14739->14744 14756 7ff6ac3bf788 EnterCriticalSection 14744->14756 19263 7ff6ac3c07f0 19274 7ff6ac3c6764 19263->19274 19275 7ff6ac3c6771 19274->19275 19276 7ff6ac3b9e18 __free_lconv_num 11 API calls 19275->19276 19277 7ff6ac3c678d 19275->19277 19276->19275 19278 7ff6ac3b9e18 __free_lconv_num 11 API calls 19277->19278 19279 7ff6ac3c07f9 19277->19279 19278->19277 19280 7ff6ac3bf788 EnterCriticalSection 19279->19280 19281 7ff6ac3bb9f0 19292 7ff6ac3bf788 EnterCriticalSection 19281->19292

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • _get_daylight.LIBCMT ref: 00007FF6AC3C4E65
                                                                                                                                                                                    • Part of subcall function 00007FF6AC3C47B8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6AC3C47CC
                                                                                                                                                                                    • Part of subcall function 00007FF6AC3B9E18: RtlFreeHeap.NTDLL(?,?,?,00007FF6AC3C1E42,?,?,?,00007FF6AC3C1E7F,?,?,00000000,00007FF6AC3C2345,?,?,?,00007FF6AC3C2277), ref: 00007FF6AC3B9E2E
                                                                                                                                                                                    • Part of subcall function 00007FF6AC3B9E18: GetLastError.KERNEL32(?,?,?,00007FF6AC3C1E42,?,?,?,00007FF6AC3C1E7F,?,?,00000000,00007FF6AC3C2345,?,?,?,00007FF6AC3C2277), ref: 00007FF6AC3B9E38
                                                                                                                                                                                    • Part of subcall function 00007FF6AC3B9DD0: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF6AC3B9DAF,?,?,?,?,?,00007FF6AC3B21EC), ref: 00007FF6AC3B9DD9
                                                                                                                                                                                    • Part of subcall function 00007FF6AC3B9DD0: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF6AC3B9DAF,?,?,?,?,?,00007FF6AC3B21EC), ref: 00007FF6AC3B9DFE
                                                                                                                                                                                  • _get_daylight.LIBCMT ref: 00007FF6AC3C4E54
                                                                                                                                                                                    • Part of subcall function 00007FF6AC3C4818: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6AC3C482C
                                                                                                                                                                                  • _get_daylight.LIBCMT ref: 00007FF6AC3C50CA
                                                                                                                                                                                  • _get_daylight.LIBCMT ref: 00007FF6AC3C50DB
                                                                                                                                                                                  • _get_daylight.LIBCMT ref: 00007FF6AC3C50EC
                                                                                                                                                                                  • GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF6AC3C532C), ref: 00007FF6AC3C5113
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2807398668.00007FF6AC3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AC3A0000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.2807375611.00007FF6AC3A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.2807428528.00007FF6AC3CA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.2807452744.00007FF6AC3DD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.2807452744.00007FF6AC3EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.2807551137.00007FF6AC3EE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff6ac3a0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
                                                                                                                                                                                  • String ID: Eastern Standard Time$Eastern Summer Time
                                                                                                                                                                                  • API String ID: 4070488512-239921721
                                                                                                                                                                                  • Opcode ID: 77ba2d10f7a40a17f98ee8fd01e8c058cff67636c36494bf754a44884999314e
                                                                                                                                                                                  • Instruction ID: 4009a8f1a1c72b54e57a6ed37f248bc4f907f5b7f9fa1744643628e60a05b70a
                                                                                                                                                                                  • Opcode Fuzzy Hash: 77ba2d10f7a40a17f98ee8fd01e8c058cff67636c36494bf754a44884999314e
                                                                                                                                                                                  • Instruction Fuzzy Hash: EDD1D126E0EA6286EB20EF25D8409BD63A1FF85B84F458035EA4DC7686DF3DF845C740

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2807398668.00007FF6AC3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AC3A0000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.2807375611.00007FF6AC3A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.2807428528.00007FF6AC3CA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.2807452744.00007FF6AC3DD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.2807452744.00007FF6AC3EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.2807551137.00007FF6AC3EE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff6ac3a0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1617910340-0
                                                                                                                                                                                  • Opcode ID: f9714f3a8e10acd42ca2d2c5b2c2c8a966f4ca54d5d677232d284773bb45134f
                                                                                                                                                                                  • Instruction ID: 56ddc5c6a6e42c2d7b95076c05a4dc68f90575d109f872c94e552a944048b952
                                                                                                                                                                                  • Opcode Fuzzy Hash: f9714f3a8e10acd42ca2d2c5b2c2c8a966f4ca54d5d677232d284773bb45134f
                                                                                                                                                                                  • Instruction Fuzzy Hash: 7AC1C237B2AE5286EB14DF69C490AAC3771FB49B98B011235DE2E97795CF38E455C300

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • GetTempPathW.KERNEL32(?,00000000,?,00007FF6AC3A674D), ref: 00007FF6AC3A681A
                                                                                                                                                                                    • Part of subcall function 00007FF6AC3A6990: GetEnvironmentVariableW.KERNEL32(00007FF6AC3A36E7), ref: 00007FF6AC3A69CA
                                                                                                                                                                                    • Part of subcall function 00007FF6AC3A6990: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF6AC3A69E7
                                                                                                                                                                                    • Part of subcall function 00007FF6AC3B66B4: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6AC3B66CD
                                                                                                                                                                                  • SetEnvironmentVariableW.KERNEL32(?,TokenIntegrityLevel), ref: 00007FF6AC3A68D1
                                                                                                                                                                                    • Part of subcall function 00007FF6AC3A2770: MessageBoxW.USER32 ref: 00007FF6AC3A2841
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2807398668.00007FF6AC3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AC3A0000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.2807375611.00007FF6AC3A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.2807428528.00007FF6AC3CA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.2807452744.00007FF6AC3DD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.2807452744.00007FF6AC3EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.2807551137.00007FF6AC3EE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff6ac3a0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Environment$Variable$ExpandMessagePathStringsTemp_invalid_parameter_noinfo
                                                                                                                                                                                  • String ID: LOADER: Failed to set the TMP environment variable.$TMP$TMP$_MEI%d
                                                                                                                                                                                  • API String ID: 3752271684-1116378104
                                                                                                                                                                                  • Opcode ID: c86de968792cba4550a435ae59fd4844537b2d76431d84bd9114db987b00a07b
                                                                                                                                                                                  • Instruction ID: 771f94bf6903326e28b6dcbc28028c187b3cdbc6b5cf88d7bd687b22365bf28a
                                                                                                                                                                                  • Opcode Fuzzy Hash: c86de968792cba4550a435ae59fd4844537b2d76431d84bd9114db987b00a07b
                                                                                                                                                                                  • Instruction Fuzzy Hash: D251CE25F1FE5290FE58BB36A955AFA52619F89BC0F444034EC0EC7B87ED2EE4028700

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • _get_daylight.LIBCMT ref: 00007FF6AC3C50CA
                                                                                                                                                                                    • Part of subcall function 00007FF6AC3C4818: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6AC3C482C
                                                                                                                                                                                  • _get_daylight.LIBCMT ref: 00007FF6AC3C50DB
                                                                                                                                                                                    • Part of subcall function 00007FF6AC3C47B8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6AC3C47CC
                                                                                                                                                                                  • _get_daylight.LIBCMT ref: 00007FF6AC3C50EC
                                                                                                                                                                                    • Part of subcall function 00007FF6AC3C47E8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6AC3C47FC
                                                                                                                                                                                    • Part of subcall function 00007FF6AC3B9E18: RtlFreeHeap.NTDLL(?,?,?,00007FF6AC3C1E42,?,?,?,00007FF6AC3C1E7F,?,?,00000000,00007FF6AC3C2345,?,?,?,00007FF6AC3C2277), ref: 00007FF6AC3B9E2E
                                                                                                                                                                                    • Part of subcall function 00007FF6AC3B9E18: GetLastError.KERNEL32(?,?,?,00007FF6AC3C1E42,?,?,?,00007FF6AC3C1E7F,?,?,00000000,00007FF6AC3C2345,?,?,?,00007FF6AC3C2277), ref: 00007FF6AC3B9E38
                                                                                                                                                                                  • GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF6AC3C532C), ref: 00007FF6AC3C5113
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
                                                                                                                                                                                  • String ID: Eastern Standard Time$Eastern Summer Time
                                                                                                                                                                                  • API String ID: 3458911817-239921721
                                                                                                                                                                                  • Opcode ID: 74e2aae664cff904285b8cceaf5bd78e264b53cf78d1017760ee0a7f729cca6e
                                                                                                                                                                                  • Instruction ID: 199a3eda209a89f49821e3af6857395eb80d358e9ca250c8ad1c061ad6b30fc0
                                                                                                                                                                                  • Opcode Fuzzy Hash: 74e2aae664cff904285b8cceaf5bd78e264b53cf78d1017760ee0a7f729cca6e
                                                                                                                                                                                  • Instruction Fuzzy Hash: E8519032A1EE5286EB20DF21E9809BD77A0FB89784F444136EA5DC7696DF3CF4058B40
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: CurrentFeaturePresentProcessProcessor
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1010374628-0
                                                                                                                                                                                  • Opcode ID: df948db6aeaed1350f05030fbffae3bb7efd9396422e9e7f8df9169716b4d3fe
                                                                                                                                                                                  • Instruction ID: 77476485b9462a5fda8bc78dbdbec94d4cfcf07c368030034bd70967016efd8f
                                                                                                                                                                                  • Opcode Fuzzy Hash: df948db6aeaed1350f05030fbffae3bb7efd9396422e9e7f8df9169716b4d3fe
                                                                                                                                                                                  • Instruction Fuzzy Hash: 5C02CF26B0FF5341FA64AB25A410EBD6690AF4ABA0F445635ED6EC73D3DE3CE8118704

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: _fread_nolock$Message_invalid_parameter_noinfo
                                                                                                                                                                                  • String ID: Cannot read Table of Contents.$Could not allocate buffer for TOC!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$fread$fseek$malloc
                                                                                                                                                                                  • API String ID: 2153230061-4158440160
                                                                                                                                                                                  • Opcode ID: ab13d4d2dbc0f70eb0f270392da064b58bbed24db149a11cc4257c3fb256cbe2
                                                                                                                                                                                  • Instruction ID: 9d3393dee066e7bf30e202c97db6a49474b973522f7fa964824320fd6b2b481c
                                                                                                                                                                                  • Opcode Fuzzy Hash: ab13d4d2dbc0f70eb0f270392da064b58bbed24db149a11cc4257c3fb256cbe2
                                                                                                                                                                                  • Instruction Fuzzy Hash: 66515972A0BE0686EF54DF28D490A7C33A0EB88B48B518139DA0DC7799DF3DE564CB44

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  Strings
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc
                                                                                                                                                                                  • API String ID: 0-666925554
                                                                                                                                                                                  • Opcode ID: 89681c1863c1c4646b6b5c329e7ab600a5351796998e0ec0a776626e7f19aaa7
                                                                                                                                                                                  • Instruction ID: 3dfabf354c9f6b4d46e06df0b98cff813539f29b846d3e3b7ec2f6caaae3042b
                                                                                                                                                                                  • Opcode Fuzzy Hash: 89681c1863c1c4646b6b5c329e7ab600a5351796998e0ec0a776626e7f19aaa7
                                                                                                                                                                                  • Instruction Fuzzy Hash: 8851AC61B0EE4281EE20DB11E444EB973A0AF85BD4F444131DE5DC7BA6EE3EE5698300

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Token$ConvertDescriptorInformationProcessSecurityString$CloseCreateCurrentDirectoryErrorFreeHandleLastLocalOpen
                                                                                                                                                                                  • String ID: D:(A;;FA;;;%s)$S-1-3-4
                                                                                                                                                                                  • API String ID: 4998090-2855260032

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2807398668.00007FF6AC3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AC3A0000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.2807375611.00007FF6AC3A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.2807428528.00007FF6AC3CA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.2807452744.00007FF6AC3DD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.2807452744.00007FF6AC3EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.2807551137.00007FF6AC3EE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff6ac3a0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Process_invalid_parameter_noinfo$ByteCharCodeCommandConsoleCreateCtrlExitHandlerInfoLineMultiObjectSingleStartupWaitWide
                                                                                                                                                                                  • String ID: CreateProcessW$Error creating child process!
                                                                                                                                                                                  • API String ID: 2895956056-3524285272

                                                                                                                                                                                  APIs
                                                                                                                                                                                    • Part of subcall function 00007FF6AC3A3BA0: GetModuleFileNameW.KERNEL32(?,00007FF6AC3A3699), ref: 00007FF6AC3A3BD1
                                                                                                                                                                                  • SetDllDirectoryW.KERNEL32 ref: 00007FF6AC3A38A5
                                                                                                                                                                                    • Part of subcall function 00007FF6AC3A6990: GetEnvironmentVariableW.KERNEL32(00007FF6AC3A36E7), ref: 00007FF6AC3A69CA
                                                                                                                                                                                    • Part of subcall function 00007FF6AC3A6990: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF6AC3A69E7
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Environment$DirectoryExpandFileModuleNameStringsVariable
                                                                                                                                                                                  • String ID: Cannot open PyInstaller archive from executable (%s) or external archive (%s)$Cannot side-load external archive %s (code %d)!$Failed to convert DLL search path!$MEI$_MEIPASS2$_PYI_ONEDIR_MODE
                                                                                                                                                                                  • API String ID: 2344891160-3602715111

                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Message
                                                                                                                                                                                  • String ID: 1.2.13$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
                                                                                                                                                                                  • API String ID: 2030045667-1655038675

                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3215553584-0

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,?,00000000,00000000,00007FF6AC3BC41B), ref: 00007FF6AC3BC54C
                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,?,00000000,00000000,00007FF6AC3BC41B), ref: 00007FF6AC3BC5D7
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2807398668.00007FF6AC3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AC3A0000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.2807375611.00007FF6AC3A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.2807428528.00007FF6AC3CA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.2807452744.00007FF6AC3DD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.2807452744.00007FF6AC3EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.2807551137.00007FF6AC3EE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff6ac3a0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ConsoleErrorLastMode
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 953036326-0
                                                                                                                                                                                  • Opcode ID: f410d9e07cb2d854853af875ff306a0e9c9ee922f70c4cde11a48ef332fbc2ec
                                                                                                                                                                                  • Instruction ID: 8c95c24d9f1acee99ae500b86d17ce7e6a35d738dbfc350b239e663778e611cf
                                                                                                                                                                                  • Opcode Fuzzy Hash: f410d9e07cb2d854853af875ff306a0e9c9ee922f70c4cde11a48ef332fbc2ec
                                                                                                                                                                                  • Instruction Fuzzy Hash: 0191D572F1AE5289F7708F65A440ABD2BA0BB44B88F14513ADE0EE7686DF38E445C700

                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2807398668.00007FF6AC3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AC3A0000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.2807375611.00007FF6AC3A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.2807428528.00007FF6AC3CA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.2807452744.00007FF6AC3DD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.2807452744.00007FF6AC3EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.2807551137.00007FF6AC3EE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff6ac3a0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: _get_daylight$_isindst
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 4170891091-0
                                                                                                                                                                                  • Opcode ID: d5d13d1c94d14ccfec0c44e7243bbda22246c77cf8c41a11f0b86d98f8b3a05c
                                                                                                                                                                                  • Instruction ID: 9bb3ce0bc6649c0ff61081f3c26de5c19ba3dbcaf3681efe5d3b85329b724380
                                                                                                                                                                                  • Opcode Fuzzy Hash: d5d13d1c94d14ccfec0c44e7243bbda22246c77cf8c41a11f0b86d98f8b3a05c
                                                                                                                                                                                  • Instruction Fuzzy Hash: 0B51F572F06E218AFB14DB6C9951ABC27A5BF41358F544235ED2ED2AE6DF38E4128700

                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2807398668.00007FF6AC3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AC3A0000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.2807375611.00007FF6AC3A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.2807428528.00007FF6AC3CA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.2807452744.00007FF6AC3DD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.2807452744.00007FF6AC3EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.2807551137.00007FF6AC3EE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff6ac3a0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: File$ErrorHandleInformationLastNamedPeekPipeType
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2780335769-0
                                                                                                                                                                                  • Opcode ID: 1c70a69b05d9cb3f6248f84cd75ebf1bef0caf7e7cf88daad42b4853df974b62
                                                                                                                                                                                  • Instruction ID: 1d71dc3a339da97d5c6fdff92c854d205d3fe9a06c6c031f9d5f54cd1d0696c4
                                                                                                                                                                                  • Opcode Fuzzy Hash: 1c70a69b05d9cb3f6248f84cd75ebf1bef0caf7e7cf88daad42b4853df974b62
                                                                                                                                                                                  • Instruction Fuzzy Hash: 47518D22E1AF519AFB10DFB4D4507BD33A1AB48B98F108534DE4DD768ADF38D8558708

                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2807398668.00007FF6AC3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AC3A0000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.2807375611.00007FF6AC3A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.2807428528.00007FF6AC3CA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.2807452744.00007FF6AC3DD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.2807452744.00007FF6AC3EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.2807551137.00007FF6AC3EE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff6ac3a0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1452418845-0
                                                                                                                                                                                  • Opcode ID: 90a7fcc3a81af5bf04ad81541e301d7d9fb9f11ea0fdd18d74326f9016f6428e
                                                                                                                                                                                  • Instruction ID: a18026f9750b1ae54b0d32700fabecac24ee55e6e0dbada8f4e7915a411e1935
                                                                                                                                                                                  • Opcode Fuzzy Hash: 90a7fcc3a81af5bf04ad81541e301d7d9fb9f11ea0fdd18d74326f9016f6428e
                                                                                                                                                                                  • Instruction Fuzzy Hash: 53313831E0EE0745FE54AB659415BBD2391AFD1388F844035E94EDB2E3DE6EF8258341
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2807398668.00007FF6AC3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AC3A0000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.2807375611.00007FF6AC3A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.2807428528.00007FF6AC3CA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.2807452744.00007FF6AC3DD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.2807452744.00007FF6AC3EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.2807551137.00007FF6AC3EE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff6ac3a0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: CloseCreateFileHandle_invalid_parameter_noinfo
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1279662727-0
                                                                                                                                                                                  • Opcode ID: aa6a3d9890cc6a7f195a6e990ba186583f2f0d5ddde8471eaaef5ef51b0941e7
                                                                                                                                                                                  • Instruction ID: a66cc8ae0bf08afb556e9538774326b736136abb750bfc5337634b89efcf47f2
                                                                                                                                                                                  • Opcode Fuzzy Hash: aa6a3d9890cc6a7f195a6e990ba186583f2f0d5ddde8471eaaef5ef51b0941e7
                                                                                                                                                                                  • Instruction Fuzzy Hash: 3341D222E19F9293E7148B20950177963A0FF957A4F109334EAAC83AD6DF6CE9E08704
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2807398668.00007FF6AC3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AC3A0000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.2807375611.00007FF6AC3A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.2807428528.00007FF6AC3CA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.2807452744.00007FF6AC3DD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.2807452744.00007FF6AC3EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.2807551137.00007FF6AC3EE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff6ac3a0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                                  • Opcode ID: e6b31fcbb010569d964db91d6e465c54053a5eb593f9b70391a20bf1ad845ba7
                                                                                                                                                                                  • Instruction ID: c8e5e8fc41df6592979de64a2df36978e62de908288002dc9614320003f17bca
                                                                                                                                                                                  • Opcode Fuzzy Hash: e6b31fcbb010569d964db91d6e465c54053a5eb593f9b70391a20bf1ad845ba7
                                                                                                                                                                                  • Instruction Fuzzy Hash: 4551A661B0BE5286EF68DE259400E7E6291AFC8BA8F144734DD6DC77C6CF3ED4218604
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • SetFilePointerEx.KERNELBASE(?,?,?,?,00000000,00007FF6AC3BB79D), ref: 00007FF6AC3BB650
                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,00000000,00007FF6AC3BB79D), ref: 00007FF6AC3BB65A
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2807398668.00007FF6AC3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AC3A0000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.2807375611.00007FF6AC3A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.2807428528.00007FF6AC3CA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.2807452744.00007FF6AC3DD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.2807452744.00007FF6AC3EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.2807551137.00007FF6AC3EE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff6ac3a0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ErrorFileLastPointer
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2976181284-0
                                                                                                                                                                                  • Opcode ID: ff2257711b1d275b862e663729d543ef4812b290fbf882e2e1232765a84f7875
                                                                                                                                                                                  • Instruction ID: 3ac490a3fe910bc44f00465804c4a1b919f3fd65b69144128aaecca95d4f009f
                                                                                                                                                                                  • Opcode Fuzzy Hash: ff2257711b1d275b862e663729d543ef4812b290fbf882e2e1232765a84f7875
                                                                                                                                                                                  • Instruction Fuzzy Hash: 5611C162A19F9281DA108B25F40466DA361BB45BF8F544331EE7D877EADF7CE4158700
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6AC3B4891), ref: 00007FF6AC3B49AF
                                                                                                                                                                                  • SystemTimeToTzSpecificLocalTime.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6AC3B4891), ref: 00007FF6AC3B49C5
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Time$System$FileLocalSpecific
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1707611234-0
                                                                                                                                                                                  • Opcode ID: 42d85f7bbfb38a33647f37402af2049ec243a38652db21839daf1665d9964160
                                                                                                                                                                                  • Instruction ID: 704bd9f9ad7bf416a1ebfac1878be622a0e658960dd6a6c6d96f950ac4900032
                                                                                                                                                                                  • Opcode Fuzzy Hash: 42d85f7bbfb38a33647f37402af2049ec243a38652db21839daf1665d9964160
                                                                                                                                                                                  • Instruction Fuzzy Hash: 5B11AC7260DE5282EB648B15A45147EB7A0FB85771F500235FAAEC1AE8EF2CE458CF04
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • RtlFreeHeap.NTDLL(?,?,?,00007FF6AC3C1E42,?,?,?,00007FF6AC3C1E7F,?,?,00000000,00007FF6AC3C2345,?,?,?,00007FF6AC3C2277), ref: 00007FF6AC3B9E2E
                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,00007FF6AC3C1E42,?,?,?,00007FF6AC3C1E7F,?,?,00000000,00007FF6AC3C2345,?,?,?,00007FF6AC3C2277), ref: 00007FF6AC3B9E38
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ErrorFreeHeapLast
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 485612231-0
                                                                                                                                                                                  • Opcode ID: 875bb2537aa3df01b4a1e34b7b101e94a2dc47b4cb64fa0c1180c15e07a79d81
                                                                                                                                                                                  • Instruction ID: 02ec1d2df5c7172bacdb700324b198c2d6555eddad2fd94c6bb1041daf3b6e41
                                                                                                                                                                                  • Opcode Fuzzy Hash: 875bb2537aa3df01b4a1e34b7b101e94a2dc47b4cb64fa0c1180c15e07a79d81
                                                                                                                                                                                  • Instruction Fuzzy Hash: 6CE0EC50F0FF1292FF18ABB2A85997912A19F84B80B445434D90ED6253DF2CED598754
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • CloseHandle.KERNELBASE(?,?,?,00007FF6AC3B9EA5,?,?,00000000,00007FF6AC3B9F5A), ref: 00007FF6AC3BA096
                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,00007FF6AC3B9EA5,?,?,00000000,00007FF6AC3B9F5A), ref: 00007FF6AC3BA0A0
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: CloseErrorHandleLast
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 918212764-0
                                                                                                                                                                                  • Opcode ID: 649148bb364a2e2bb6c01b4b98e8ba63ccdb9764b03dbbc10b4a89a301f042aa
                                                                                                                                                                                  • Instruction ID: 6574dd25c5ca11d618665256fd0d096660c7179c27e6c8d06c882507d97e9acc
                                                                                                                                                                                  • Opcode Fuzzy Hash: 649148bb364a2e2bb6c01b4b98e8ba63ccdb9764b03dbbc10b4a89a301f042aa
                                                                                                                                                                                  • Instruction Fuzzy Hash: EF21B421F1EE8241FE549766E594BBD12A1AF84BE4F044235EA2ED77C7CE6CE8458300
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                                  • Opcode ID: 7edcb5c19051daea02f21c4053ec30bf8603933813fd22e9cae156a3527bc5bd
                                                                                                                                                                                  • Instruction ID: f164bd51f16ae01b362c37da0f05daa5d13643032eef57cdc3ca2831a5403fc8
                                                                                                                                                                                  • Opcode Fuzzy Hash: 7edcb5c19051daea02f21c4053ec30bf8603933813fd22e9cae156a3527bc5bd
                                                                                                                                                                                  • Instruction Fuzzy Hash: ED41E23290AE0187EA34DB19E551A7DB3A0FF96B48F100231D68EC76D2CF2CE402C751
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: _fread_nolock
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 840049012-0
                                                                                                                                                                                  • Opcode ID: 7871d6facb585aecc30d74a783d090814975f365ca002a7a4a58adced5aa18d8
                                                                                                                                                                                  • Instruction ID: e4023c35ce3dc2403aaf46cdb417f1e87819c7ab709b8e33d4657898b92731bf
                                                                                                                                                                                  • Opcode Fuzzy Hash: 7871d6facb585aecc30d74a783d090814975f365ca002a7a4a58adced5aa18d8
                                                                                                                                                                                  • Instruction Fuzzy Hash: 0321E721B0AA9195FE219B126544BFAA651BF86BC4F894430EE4D87782CF3EE152C704
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2807398668.00007FF6AC3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AC3A0000, based on PE: true
• Associated: 00000000.00000002.2807375611.00007FF6AC3A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2807428528.00007FF6AC3CA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2807452744.00007FF6AC3DD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2807452744.00007FF6AC3EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2807551137.00007FF6AC3EE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • HeapAlloc.KERNEL32(?,?,00000000,00007FF6AC3BA8B6,?,?,?,00007FF6AC3B9A73,?,?,00000000,00007FF6AC3B9D0E), ref: 00007FF6AC3BDD95
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: AllocHeap
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 4292702814-0
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • HeapAlloc.KERNEL32(?,?,?,00007FF6AC3AFE44,?,?,?,00007FF6AC3B1356,?,?,?,?,?,00007FF6AC3B2949), ref: 00007FF6AC3BCB0A
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: AllocHeap
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 4292702814-0
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2807398668.00007FF6AC3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AC3A0000, based on PE: true
• Associated: 00000000.00000002.2807375611.00007FF6AC3A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2807428528.00007FF6AC3CA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2807452744.00007FF6AC3DD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2807452744.00007FF6AC3EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2807551137.00007FF6AC3EE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff6ac3a0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: AddressProc$LibraryLoad
• String ID: Failed to get address for Tcl_Alloc$Failed to get address for Tcl_ConditionFinalize$Failed to get address for Tcl_ConditionNotify$Failed to get address for Tcl_ConditionWait$Failed to get address for Tcl_CreateInterp$Failed to get address for Tcl_CreateObjCommand$Failed to get address for Tcl_CreateThread$Failed to get address for Tcl_DeleteInterp$Failed to get address for Tcl_DoOneEvent$Failed to get address for Tcl_EvalEx$Failed to get address for Tcl_EvalFile$Failed to get address for Tcl_EvalObjv$Failed to get address for Tcl_Finalize$Failed to get address for Tcl_FinalizeThread$Failed to get address for Tcl_FindExecutable$Failed to get address for Tcl_Free$Failed to get address for Tcl_GetCurrentThread$Failed to get address for Tcl_GetObjResult$Failed to get address for Tcl_GetString$Failed to get address for Tcl_GetVar2$Failed to get address for Tcl_Init$Failed to get address for Tcl_MutexLock$Failed to get address for Tcl_MutexUnlock$Failed to get address for Tcl_NewByteArrayObj$Failed to get address for Tcl_NewStringObj$Failed to get address for Tcl_SetVar2$Failed to get address for Tcl_SetVar2Ex$Failed to get address for Tcl_ThreadAlert$Failed to get address for Tcl_ThreadQueueEvent$Failed to get address for Tk_GetNumMainWindows$Failed to get address for Tk_Init$GetProcAddress$LOADER: Failed to load tcl/tk libraries$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
                                                                                                                                                                                  • API String ID: 2238633743-1453502826
                                                                                                                                                                                  • Opcode ID: ba523ba2b13c4ea14ee618d69630f35f7ff64aa3d65f3ca8e14aa07d75cb9247
                                                                                                                                                                                  • Instruction ID: 3665cf10fbb949818df7f78578bed1917b28374c9a7bc214c13ad388619a5799
                                                                                                                                                                                  • Opcode Fuzzy Hash: ba523ba2b13c4ea14ee618d69630f35f7ff64aa3d65f3ca8e14aa07d75cb9247
                                                                                                                                                                                  • Instruction Fuzzy Hash: 39E1B3B4A0FF2390FE55CB05B9549B823A5BF89794B846035C80E963A8EF7DF56D8310
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2807398668.00007FF6AC3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AC3A0000, based on PE: true
• Associated: 00000000.00000002.2807375611.00007FF6AC3A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2807428528.00007FF6AC3CA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2807452744.00007FF6AC3DD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2807452744.00007FF6AC3EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2807551137.00007FF6AC3EE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff6ac3a0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: MessageSend$Window$Create$Move$ObjectSelect$#380BaseClientDialogDrawFontIndirectInfoParametersRectReleaseSystemTextUnits
                                                                                                                                                                                  • String ID: BUTTON$Close$EDIT$Failed to execute script '%ls' due to unhandled exception: %ls$STATIC
                                                                                                                                                                                  • API String ID: 2446303242-1601438679
                                                                                                                                                                                  • Opcode ID: 47b3578659853d453a5822a751c8e2f63cfdf798862dd1eeebf7592aa26dc86d
                                                                                                                                                                                  • Instruction ID: 76b667236f6e02c8566f6284a3ecd23432f31bf332817a440f7bec2995346f69
                                                                                                                                                                                  • Opcode Fuzzy Hash: 47b3578659853d453a5822a751c8e2f63cfdf798862dd1eeebf7592aa26dc86d
                                                                                                                                                                                  • Instruction Fuzzy Hash: 1FA15836219F9187E7148F22E558B9EB360F788B94F50412AEB8D53B24CF7DE169CB40
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2807398668.00007FF6AC3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AC3A0000, based on PE: true
• Associated: 00000000.00000002.2807375611.00007FF6AC3A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2807428528.00007FF6AC3CA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2807452744.00007FF6AC3DD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2807452744.00007FF6AC3EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2807551137.00007FF6AC3EE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff6ac3a0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo$memcpy_s$fegetenv
                                                                                                                                                                                  • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                                                                  • API String ID: 808467561-2761157908
                                                                                                                                                                                  • Opcode ID: 46fb5d0366b8e1e712cdd684d815614daf2c7cda5b16cac76ba58e706ef79b66
                                                                                                                                                                                  • Instruction ID: 052a005e412fdb80b6778312a8edafceccdd2aa9dce1ce8c251d54a078af7ab0
                                                                                                                                                                                  • Opcode Fuzzy Hash: 46fb5d0366b8e1e712cdd684d815614daf2c7cda5b16cac76ba58e706ef79b66
                                                                                                                                                                                  • Instruction Fuzzy Hash: 8EB2C472A1DAA28BE7658E69D440FFD77A1FB54388F405135DA0E97A84DF38F908CB40
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • GetLastError.KERNEL32(00000000,00007FF6AC3A26A0), ref: 00007FF6AC3A74D7
                                                                                                                                                                                  • FormatMessageW.KERNEL32(00000000,00007FF6AC3A26A0), ref: 00007FF6AC3A7506
                                                                                                                                                                                  • WideCharToMultiByte.KERNEL32 ref: 00007FF6AC3A755C
                                                                                                                                                                                    • Part of subcall function 00007FF6AC3A2620: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF6AC3A7744,?,?,?,?,?,?,?,?,?,?,?,00007FF6AC3A101D), ref: 00007FF6AC3A2654
                                                                                                                                                                                    • Part of subcall function 00007FF6AC3A2620: MessageBoxW.USER32 ref: 00007FF6AC3A272C
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2807398668.00007FF6AC3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AC3A0000, based on PE: true
• Associated: 00000000.00000002.2807375611.00007FF6AC3A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2807428528.00007FF6AC3CA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2807452744.00007FF6AC3DD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2807452744.00007FF6AC3EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2807551137.00007FF6AC3EE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff6ac3a0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ErrorLastMessage$ByteCharFormatMultiWide
                                                                                                                                                                                  • String ID: Failed to encode wchar_t as UTF-8.$FormatMessageW$No error messages generated.$PyInstaller: FormatMessageW failed.$PyInstaller: pyi_win32_utils_to_utf8 failed.$WideCharToMultiByte
                                                                                                                                                                                  • API String ID: 2920928814-2573406579
                                                                                                                                                                                  • Opcode ID: 8b0166d5a5045c769a8e77ad43af0852bc728ff9b5502801be361ecb61f6b2fa
                                                                                                                                                                                  • Instruction ID: 14e9587918caca6f8a669386340dfe3f6b504567172c5eff8ab30edf858b043d
                                                                                                                                                                                  • Opcode Fuzzy Hash: 8b0166d5a5045c769a8e77ad43af0852bc728ff9b5502801be361ecb61f6b2fa
                                                                                                                                                                                  • Instruction Fuzzy Hash: 9A219531A0EE4282EB649F20F894BBA73A1FF89385F840035D54DC26A5EF7DE519C740
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2807398668.00007FF6AC3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AC3A0000, based on PE: true
• Associated: 00000000.00000002.2807375611.00007FF6AC3A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2807428528.00007FF6AC3CA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2807452744.00007FF6AC3DD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2807452744.00007FF6AC3EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2807551137.00007FF6AC3EE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff6ac3a0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3140674995-0
                                                                                                                                                                                  • Opcode ID: 24fff5600ca101af0e2334446d678d156eb325a0e0e0c0538aba544f51e330ab
                                                                                                                                                                                  • Instruction ID: 24b0954c82c19e4e0903b3e33a8d032daa5869af6c5c784926ccef3b80992f59
                                                                                                                                                                                  • Opcode Fuzzy Hash: 24fff5600ca101af0e2334446d678d156eb325a0e0e0c0538aba544f51e330ab
                                                                                                                                                                                  • Instruction Fuzzy Hash: BC31527260AF818AEB609F60E884BED7364FB84748F444439DA4D97B94DF3DD558C710
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2807398668.00007FF6AC3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AC3A0000, based on PE: true
• Associated: 00000000.00000002.2807375611.00007FF6AC3A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2807428528.00007FF6AC3CA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2807452744.00007FF6AC3DD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2807452744.00007FF6AC3EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2807551137.00007FF6AC3EE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff6ac3a0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1239891234-0
                                                                                                                                                                                  • Opcode ID: 4204087c2144b4154cc610f07160e172692864cccd6c23e577d201b1c5d7dbdf
                                                                                                                                                                                  • Instruction ID: 7323c498cb5faac51cd5596734aec1f951bf737db29724f39d90caaeeac96feb
                                                                                                                                                                                  • Opcode Fuzzy Hash: 4204087c2144b4154cc610f07160e172692864cccd6c23e577d201b1c5d7dbdf
                                                                                                                                                                                  • Instruction Fuzzy Hash: CE316032A19F8186DB60CF25E8406EE73A4FB88758F500135EA8D83BA5DF3DD559CB40
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2807398668.00007FF6AC3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AC3A0000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.2807375611.00007FF6AC3A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.2807428528.00007FF6AC3CA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.2807452744.00007FF6AC3DD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.2807452744.00007FF6AC3EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.2807551137.00007FF6AC3EE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff6ac3a0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: FileFindFirst_invalid_parameter_noinfo
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2227656907-0
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: memcpy_s
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1502251526-0
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ExceptionRaise_clrfp
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 15204871-0
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Find$CloseFileFirst
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2295610775-0
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: $
                                                                                                                                                                                  • API String ID: 0-227171996
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: e+000$gfff
                                                                                                                                                                                  • API String ID: 0-3030954782
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: gfffffff
                                                                                                                                                                                  • API String ID: 0-1523873471
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                  • String ID: TMP
                                                                                                                                                                                  • API String ID: 3215553584-3125297090
                                                                                                                                                                                  • Opcode ID: a95fe7b9809f20d24c45d18936c36fa2317ccb405fffb6bad0c56651588825d4
                                                                                                                                                                                  • Instruction ID: f158ed43fb523736a3f9e814ed8e808d40015356a552999c773139f0c301f459
                                                                                                                                                                                  • Opcode Fuzzy Hash: a95fe7b9809f20d24c45d18936c36fa2317ccb405fffb6bad0c56651588825d4
                                                                                                                                                                                  • Instruction Fuzzy Hash: D8519D11B0FF5281FA68AB365911DBA62A0EF86BC4F484435DE0EC77D3EE3CE4568250
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: HeapProcess
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 54951025-0
                                                                                                                                                                                  • Opcode ID: 6aaf01db4fcd6d8e5e92a2165bcca8bef3bc9097c29bcaeff3790f5a52787e5b
                                                                                                                                                                                  • Instruction ID: af0665fb66ec141019bd209d0bffedd3d45046621da07e495564417c141d9462
                                                                                                                                                                                  • Opcode Fuzzy Hash: 6aaf01db4fcd6d8e5e92a2165bcca8bef3bc9097c29bcaeff3790f5a52787e5b
                                                                                                                                                                                  • Instruction Fuzzy Hash: 05B09220E0BE02C2EA082B216C86A1823B47F48B00F990038C00C94320DF2CA4AA5700
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                                  • Opcode ID: 43964b9baea6600a933ee8e1a049a499104490ec7162e6d0a4f8078b6de4c171
                                                                                                                                                                                  • Instruction ID: c4bdca9ba07d84f25d59001f83c8a3a53fd6e9827c174dda037711a43622c396
                                                                                                                                                                                  • Opcode Fuzzy Hash: 43964b9baea6600a933ee8e1a049a499104490ec7162e6d0a4f8078b6de4c171
                                                                                                                                                                                  • Instruction Fuzzy Hash: 64611922F1FEA246FF658A298490F7D6691BF40371F140239D61EC66D5DE7DF808AB00
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2807398668.00007FF6AC3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AC3A0000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.2807375611.00007FF6AC3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2807428528.00007FF6AC3CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2807452744.00007FF6AC3DD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2807452744.00007FF6AC3EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2807551137.00007FF6AC3EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff6ac3a0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: c32b4ddfd43473a216dec7aa9a0be5b617892f75f4149cffacdc7470c95e978f
                                                                                                                                                                                  • Instruction ID: 4301299e0c60e18fb6d97617c9c0d3614ed1b7149062396b17f3d0c7c1d0525c
                                                                                                                                                                                  • Opcode Fuzzy Hash: c32b4ddfd43473a216dec7aa9a0be5b617892f75f4149cffacdc7470c95e978f
                                                                                                                                                                                  • Instruction Fuzzy Hash: 2F5186B6A19E5186E7249F29D040A3D37A0EB44B58F249135CE4D9B7E6DF3AF843C740
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2807398668.00007FF6AC3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AC3A0000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.2807375611.00007FF6AC3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2807428528.00007FF6AC3CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2807452744.00007FF6AC3DD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2807452744.00007FF6AC3EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2807551137.00007FF6AC3EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff6ac3a0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 867914ff4df0b6b44d704adc42bbe88cde9096fdc707783f05752eff833c7ffe
                                                                                                                                                                                  • Instruction ID: 8fa4c8fc0479d6e98927bdfca942a55f7ee5bc7d337ca95d84de7222147f4d03
                                                                                                                                                                                  • Opcode Fuzzy Hash: 867914ff4df0b6b44d704adc42bbe88cde9096fdc707783f05752eff833c7ffe
                                                                                                                                                                                  • Instruction Fuzzy Hash: C0519636A1AE5186E7648B29D040A3977B0EB44B68F245131CF4E97796CF3AE853C780
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2807398668.00007FF6AC3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AC3A0000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.2807375611.00007FF6AC3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2807428528.00007FF6AC3CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2807452744.00007FF6AC3DD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2807452744.00007FF6AC3EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2807551137.00007FF6AC3EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff6ac3a0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 1de1d42fcd570761cca71ddda72003ed022ec41b6526507f8e47f89f031e3167
                                                                                                                                                                                  • Instruction ID: 1bec107914ae4c24e3a31bc1297894ff8c8746a2948b27c683887ac808fc1fc3
                                                                                                                                                                                  • Opcode Fuzzy Hash: 1de1d42fcd570761cca71ddda72003ed022ec41b6526507f8e47f89f031e3167
                                                                                                                                                                                  • Instruction Fuzzy Hash: 115182B6B1AE5186E7648B29D040B3C37A1EB48F58F249131DE4D977A6CF3AE853C740
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2807398668.00007FF6AC3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AC3A0000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.2807375611.00007FF6AC3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2807428528.00007FF6AC3CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2807452744.00007FF6AC3DD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2807452744.00007FF6AC3EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2807551137.00007FF6AC3EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff6ac3a0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 876697f8e8f5cbbdb44752562e3cb115d809b93d1bac5633a342ac63b65505f1
                                                                                                                                                                                  • Instruction ID: d553bbfa39dcbf6c0262b9c542ba1228a5ecc3cc2a7171399af3c3c2d0315458
                                                                                                                                                                                  • Opcode Fuzzy Hash: 876697f8e8f5cbbdb44752562e3cb115d809b93d1bac5633a342ac63b65505f1
                                                                                                                                                                                  • Instruction Fuzzy Hash: 345183B6B1AE5586E7248B29C050A3C37A1EB45B58F288132CE4D97796DF3AEC43C740
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2807398668.00007FF6AC3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AC3A0000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.2807375611.00007FF6AC3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2807428528.00007FF6AC3CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2807452744.00007FF6AC3DD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2807452744.00007FF6AC3EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2807551137.00007FF6AC3EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff6ac3a0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 6b4a4146db3bd1fe649265067838c8b0d7c1a5e97031d62dd0eb31e0fdd0228e
                                                                                                                                                                                  • Instruction ID: 4a1a5f4e222c4e19f7682a9f15c59cc4065ec58b5799e64f69b8ff13aa9984c4
                                                                                                                                                                                  • Opcode Fuzzy Hash: 6b4a4146db3bd1fe649265067838c8b0d7c1a5e97031d62dd0eb31e0fdd0228e
                                                                                                                                                                                  • Instruction Fuzzy Hash: 18519136A1AE5186E7648B29D040A3C37B1EB45B58F284131CF4D9B79ADF3AE953C740
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2807398668.00007FF6AC3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AC3A0000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.2807375611.00007FF6AC3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2807428528.00007FF6AC3CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2807452744.00007FF6AC3DD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2807452744.00007FF6AC3EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2807551137.00007FF6AC3EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff6ac3a0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: dde3b7cfbcf26fc8d7513faefc9a59c4b8821272907dfbb35b6db6355186da00
                                                                                                                                                                                  • Instruction ID: 0a3eb015033a60bb7f2715387dfd80901a5773259e19f3c45a4fb532422d4477
                                                                                                                                                                                  • Opcode Fuzzy Hash: dde3b7cfbcf26fc8d7513faefc9a59c4b8821272907dfbb35b6db6355186da00
                                                                                                                                                                                  • Instruction Fuzzy Hash: 8241B252C4FE4E48FD9689188500FF82680AF62BA1E6852B4DD9BD33D7CD1DE987C245
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2807398668.00007FF6AC3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AC3A0000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.2807375611.00007FF6AC3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2807428528.00007FF6AC3CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2807452744.00007FF6AC3DD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2807452744.00007FF6AC3EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000000.00000002.2807551137.00007FF6AC3EE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff6ac3a0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ErrorFreeHeapLast
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 485612231-0
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2807398668.00007FF6AC3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AC3A0000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.2807375611.00007FF6AC3A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.2807428528.00007FF6AC3CA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.2807452744.00007FF6AC3DD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.2807452744.00007FF6AC3EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.2807551137.00007FF6AC3EE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff6ac3a0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 5b1fb2416807606d8469592682f3cd66d2c124cbd77ab7ce6cd68cc56da0e02d
                                                                                                                                                                                  • Instruction ID: a1c3991053f8049f99e5aed387faac4846f43531ea499687bc79a722a8e606b5
                                                                                                                                                                                  • Opcode Fuzzy Hash: 5b1fb2416807606d8469592682f3cd66d2c124cbd77ab7ce6cd68cc56da0e02d
                                                                                                                                                                                  • Instruction Fuzzy Hash: 1E31863671AF4282E758AF26644057DB6E5AF88B90F144239EA4DD3BE7DF3CD4128704
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2807398668.00007FF6AC3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AC3A0000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.2807375611.00007FF6AC3A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.2807428528.00007FF6AC3CA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.2807452744.00007FF6AC3DD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.2807452744.00007FF6AC3EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.2807551137.00007FF6AC3EE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff6ac3a0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: b98f8205f4dd5ad0f3b4c63852b6076f32f3a1b530b1ff8e23dc59df104b107b
                                                                                                                                                                                  • Instruction ID: 3cbab29784a7397c0a81436bc357d9bcda5a7ba7230f4ad3b7ce1f88d4f0ba13
                                                                                                                                                                                  • Opcode Fuzzy Hash: b98f8205f4dd5ad0f3b4c63852b6076f32f3a1b530b1ff8e23dc59df104b107b
                                                                                                                                                                                  • Instruction Fuzzy Hash: 79F09671B196A68BDBA8CF6DA802A2977D0F7087C0F849039E68DC7B04DA3DD4618F14
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2807398668.00007FF6AC3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AC3A0000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.2807375611.00007FF6AC3A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.2807428528.00007FF6AC3CA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.2807452744.00007FF6AC3DD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.2807452744.00007FF6AC3EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.2807551137.00007FF6AC3EE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff6ac3a0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 03ec394501486fefa8e68c4fc5f22486c81951ca79d36a27091b1f9b4683aa64
                                                                                                                                                                                  • Instruction ID: 96db4cfe79a84581e5b3817efb14e37fd5aa79c902d84d845eed96557365c6d0
                                                                                                                                                                                  • Opcode Fuzzy Hash: 03ec394501486fefa8e68c4fc5f22486c81951ca79d36a27091b1f9b4683aa64
                                                                                                                                                                                  • Instruction Fuzzy Hash: 7CA00231D0EC56D0EF499B44E8548342374FB90304B800031D40DD20A0DF3DF454D340
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2807398668.00007FF6AC3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AC3A0000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.2807375611.00007FF6AC3A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.2807428528.00007FF6AC3CA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.2807452744.00007FF6AC3DD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.2807452744.00007FF6AC3EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.2807551137.00007FF6AC3EE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff6ac3a0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: AddressProc
                                                                                                                                                                                  • String ID: Failed to get address for PyDict_GetItemString$Failed to get address for PyErr_Clear$Failed to get address for PyErr_Fetch$Failed to get address for PyErr_NormalizeException$Failed to get address for PyErr_Occurred$Failed to get address for PyErr_Print$Failed to get address for PyErr_Restore$Failed to get address for PyEval_EvalCode$Failed to get address for PyImport_AddModule$Failed to get address for PyImport_ExecCodeModule$Failed to get address for PyImport_ImportModule$Failed to get address for PyList_Append$Failed to get address for PyList_New$Failed to get address for PyLong_AsLong$Failed to get address for PyMarshal_ReadObjectFromString$Failed to get address for PyMem_RawFree$Failed to get address for PyModule_GetDict$Failed to get address for PyObject_CallFunction$Failed to get address for PyObject_CallFunctionObjArgs$Failed to get address for PyObject_GetAttrString$Failed to get address for PyObject_SetAttrString$Failed to get address for PyObject_Str$Failed to get address for PyRun_SimpleStringFlags$Failed to get address for PySys_AddWarnOption$Failed to get address for PySys_GetObject$Failed to get address for PySys_SetArgvEx$Failed to get address for PySys_SetObject$Failed to get address for PySys_SetPath$Failed to get address for PyUnicode_AsUTF8$Failed to get address for PyUnicode_Decode$Failed to get address for PyUnicode_DecodeFSDefault$Failed to get address for PyUnicode_FromFormat$Failed to get address for PyUnicode_FromString$Failed to get address for PyUnicode_Join$Failed to get address for PyUnicode_Replace$Failed to get address for Py_BuildValue$Failed to get address for Py_DecRef$Failed to get address for Py_DecodeLocale$Failed to get address for Py_DontWriteBytecodeFlag$Failed to get address for Py_FileSystemDefaultEncoding$Failed to get address for Py_Finalize$Failed to get address for Py_FrozenFlag$Failed to get address for Py_GetPath$Failed to get address for Py_IgnoreEnvironmentFlag$Failed to get address for Py_IncRef$Failed to get address for Py_Initialize$Failed to get address for Py_NoSiteFlag$Failed to get address for Py_NoUserSiteDirectory$Failed to get address for Py_OptimizeFlag$Failed to get address for Py_SetPath$Failed to get address for Py_SetProgramName$Failed to get address for Py_SetPythonHome$Failed to get address for Py_UTF8Mode$Failed to get address for Py_UnbufferedStdioFlag$Failed to get address for Py_VerboseFlag$GetProcAddress$PyDict_GetItemString$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyList_Append$PyList_New$PyLong_AsLong$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyRun_SimpleStringFlags$PySys_AddWarnOption$PySys_GetObject$PySys_SetArgvEx$PySys_SetObject$PySys_SetPath$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_BuildValue$Py_DecRef$Py_DecodeLocale$Py_DontWriteBytecodeFlag$Py_FileSystemDefaultEncoding$Py_Finalize$Py_FrozenFlag$Py_GetPath$Py_IgnoreEnvironmentFlag$Py_IncRef$Py_Initialize$Py_NoSiteFlag$Py_NoUserSiteDirectory$Py_OptimizeFlag$Py_SetPath$Py_SetProgramName$Py_SetPythonHome$Py_UTF8Mode$Py_UnbufferedStdioFlag$Py_VerboseFlag
                                                                                                                                                                                  • API String ID: 190572456-3109299426
                                                                                                                                                                                  • Opcode ID: 67747be8a076f706c1c9372e7d2496993eaa02b7082083ef588a9e8b618be952
                                                                                                                                                                                  • Instruction ID: 391aea9f088292cacc0b3b88ba1d5d09cc78896363549ae08ddefb5438f35367
                                                                                                                                                                                  • Opcode Fuzzy Hash: 67747be8a076f706c1c9372e7d2496993eaa02b7082083ef588a9e8b618be952
                                                                                                                                                                                  • Instruction Fuzzy Hash: AC42C164A0FF2791FE95CB09B854DB823A5AF94789B846436C90E86364FF7DF56CC200
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2807398668.00007FF6AC3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AC3A0000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.2807375611.00007FF6AC3A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.2807428528.00007FF6AC3CA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.2807452744.00007FF6AC3DD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.2807452744.00007FF6AC3EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.2807551137.00007FF6AC3EE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff6ac3a0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: MoveWindow$ObjectSelect$DrawReleaseText
                                                                                                                                                                                  • String ID: P%
                                                                                                                                                                                  • API String ID: 2147705588-2959514604
                                                                                                                                                                                  • Opcode ID: 2abf96d7e756ec95747b6225775113f5ca3bbb9c1d9d148edce5ba3104c9dbe9
                                                                                                                                                                                  • Instruction ID: c68d07d2836a55ec637f0a35dcde4c0f0bd2d49ddfc08cbe3fe2d093cb56cff4
                                                                                                                                                                                  • Opcode Fuzzy Hash: 2abf96d7e756ec95747b6225775113f5ca3bbb9c1d9d148edce5ba3104c9dbe9
                                                                                                                                                                                  • Instruction Fuzzy Hash: 1A510626619BA186D6349F26E4185BAB7A1FB98B61F004121EFDF83794DF3CE049DB10
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2807398668.00007FF6AC3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AC3A0000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.2807375611.00007FF6AC3A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.2807428528.00007FF6AC3CA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.2807452744.00007FF6AC3DD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.2807452744.00007FF6AC3EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.2807551137.00007FF6AC3EE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff6ac3a0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                  • String ID: f$f$p$p$f
                                                                                                                                                                                  • API String ID: 3215553584-1325933183
                                                                                                                                                                                  • Opcode ID: 864902cbb2e935f55fbb0b0f358a3d1305b233c90ffe52d12db1516ed6b7c985
                                                                                                                                                                                  • Instruction ID: fef1b8fcd57a68b0c09234e4e43f099411332effc5a71168bd0e284c86177cd3
                                                                                                                                                                                  • Opcode Fuzzy Hash: 864902cbb2e935f55fbb0b0f358a3d1305b233c90ffe52d12db1516ed6b7c985
                                                                                                                                                                                  • Instruction Fuzzy Hash: 1F12C7B2E0ED4786FB209A14E154BBA7691FB80750F84C136E699C7AC6DF7CE584CB40
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2807398668.00007FF6AC3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AC3A0000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.2807375611.00007FF6AC3A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.2807428528.00007FF6AC3CA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.2807452744.00007FF6AC3DD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.2807452744.00007FF6AC3EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.2807551137.00007FF6AC3EE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff6ac3a0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Message
                                                                                                                                                                                  • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2807398668.00007FF6AC3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AC3A0000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.2807375611.00007FF6AC3A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.2807428528.00007FF6AC3CA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.2807452744.00007FF6AC3DD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.2807452744.00007FF6AC3EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.2807551137.00007FF6AC3EE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff6ac3a0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                                                                                                                  • String ID: csm$csm$csm
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • FreeLibrary.KERNEL32(?,00000000,?,00007FF6AC3BE152,?,?,00000215B2145958,00007FF6AC3BA223,?,?,?,00007FF6AC3BA11A,?,?,?,00007FF6AC3B5472), ref: 00007FF6AC3BDF34
                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00000000,?,00007FF6AC3BE152,?,?,00000215B2145958,00007FF6AC3BA223,?,?,?,00007FF6AC3BA11A,?,?,?,00007FF6AC3B5472), ref: 00007FF6AC3BDF40
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2807398668.00007FF6AC3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AC3A0000, based on PE: true
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: AddressFreeLibraryProc
                                                                                                                                                                                  • String ID: api-ms-$ext-ms-
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF6AC3A101D), ref: 00007FF6AC3A769F
                                                                                                                                                                                  • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF6AC3A101D), ref: 00007FF6AC3A76EF
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2807398668.00007FF6AC3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AC3A0000, based on PE: true
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ByteCharMultiWide
                                                                                                                                                                                  • String ID: Failed to encode wchar_t as UTF-8.$Failed to get UTF-8 buffer size.$Out of memory.$WideCharToMultiByte$win32_utils_to_utf8
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • WideCharToMultiByte.KERNEL32(?,00007FF6AC3A3699), ref: 00007FF6AC3A7B81
                                                                                                                                                                                    • Part of subcall function 00007FF6AC3A2620: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF6AC3A7744,?,?,?,?,?,?,?,?,?,?,?,00007FF6AC3A101D), ref: 00007FF6AC3A2654
                                                                                                                                                                                    • Part of subcall function 00007FF6AC3A2620: MessageBoxW.USER32 ref: 00007FF6AC3A272C
                                                                                                                                                                                  • WideCharToMultiByte.KERNEL32(?,00007FF6AC3A3699), ref: 00007FF6AC3A7BF5
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2807398668.00007FF6AC3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AC3A0000, based on PE: true
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ByteCharMultiWide$ErrorLastMessage
                                                                                                                                                                                  • String ID: Failed to encode wchar_t as UTF-8.$Failed to get UTF-8 buffer size.$Out of memory.$WideCharToMultiByte$win32_utils_to_utf8
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2807398668.00007FF6AC3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AC3A0000, based on PE: true
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                  • String ID: f$p$p
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2807398668.00007FF6AC3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AC3A0000, based on PE: true
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ByteCharMultiWide
                                                                                                                                                                                  • String ID: Failed to decode wchar_t from UTF-8$Failed to get wchar_t buffer size.$MultiByteToWideChar$Out of memory.$win32_utils_from_utf8
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • LoadLibraryExW.KERNEL32(?,?,?,00007FF6AC3AD19A,?,?,?,00007FF6AC3ACE8C,?,?,00000001,00007FF6AC3ACAA9), ref: 00007FF6AC3ACF6D
                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,00007FF6AC3AD19A,?,?,?,00007FF6AC3ACE8C,?,?,00000001,00007FF6AC3ACAA9), ref: 00007FF6AC3ACF7B
                                                                                                                                                                                  • LoadLibraryExW.KERNEL32(?,?,?,00007FF6AC3AD19A,?,?,?,00007FF6AC3ACE8C,?,?,00000001,00007FF6AC3ACAA9), ref: 00007FF6AC3ACFA5
                                                                                                                                                                                  • FreeLibrary.KERNEL32(?,?,?,00007FF6AC3AD19A,?,?,?,00007FF6AC3ACE8C,?,?,00000001,00007FF6AC3ACAA9), ref: 00007FF6AC3ACFEB
                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,?,?,00007FF6AC3AD19A,?,?,?,00007FF6AC3ACE8C,?,?,00000001,00007FF6AC3ACAA9), ref: 00007FF6AC3ACFF7
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2807398668.00007FF6AC3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AC3A0000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.2807375611.00007FF6AC3A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.2807428528.00007FF6AC3CA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.2807452744.00007FF6AC3DD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.2807452744.00007FF6AC3EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.2807551137.00007FF6AC3EE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff6ac3a0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                                                                                  • String ID: api-ms-
                                                                                                                                                                                  • API String ID: 2559590344-2084034818
                                                                                                                                                                                  • Opcode ID: 46f8882ba5516ded8d0f67aa9085a497a0d646e74245b223b6bb25c85e55adca
                                                                                                                                                                                  • Instruction ID: 6428c346872a8a2ab88c419ec798be2bd94699ff0abf75efeec79f5362f83910
                                                                                                                                                                                  • Opcode Fuzzy Hash: 46f8882ba5516ded8d0f67aa9085a497a0d646e74245b223b6bb25c85e55adca
                                                                                                                                                                                  • Instruction Fuzzy Hash: 1C31C221B1FE5295EE52DF02A400DB963D4FF88BA4F594635ED1E9A380DF3EE4558700
                                                                                                                                                                                  APIs
                                                                                                                                                                                    • Part of subcall function 00007FF6AC3A7A30: MultiByteToWideChar.KERNEL32 ref: 00007FF6AC3A7A6A
                                                                                                                                                                                  • ExpandEnvironmentStringsW.KERNEL32(00000000,00007FF6AC3A67CF,?,00000000,?,TokenIntegrityLevel), ref: 00007FF6AC3A64DF
                                                                                                                                                                                    • Part of subcall function 00007FF6AC3A2770: MessageBoxW.USER32 ref: 00007FF6AC3A2841
                                                                                                                                                                                  Strings
                                                                                                                                                                                  • LOADER: Failed to obtain the absolute path of the runtime-tmpdir., xrefs: 00007FF6AC3A653A
                                                                                                                                                                                  • LOADER: Failed to convert runtime-tmpdir to a wide string., xrefs: 00007FF6AC3A64B6
                                                                                                                                                                                  • LOADER: Failed to expand environment variables in the runtime-tmpdir., xrefs: 00007FF6AC3A64F3
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ByteCharEnvironmentExpandMessageMultiStringsWide
                                                                                                                                                                                  • String ID: LOADER: Failed to convert runtime-tmpdir to a wide string.$LOADER: Failed to expand environment variables in the runtime-tmpdir.$LOADER: Failed to obtain the absolute path of the runtime-tmpdir.
                                                                                                                                                                                  • API String ID: 1662231829-3498232454
                                                                                                                                                                                  • Opcode ID: e82e75a9301f2c01be817318613aadd6cb56ce3046e43f6970fb0f78f3b425c1
                                                                                                                                                                                  • Instruction ID: 6cf1699e63ff721a409ca8f6f61dd586513f4db920ffc366dc9ab707ac7bc18c
                                                                                                                                                                                  • Opcode Fuzzy Hash: e82e75a9301f2c01be817318613aadd6cb56ce3046e43f6970fb0f78f3b425c1
                                                                                                                                                                                  • Instruction Fuzzy Hash: 09318515B1EF9280FE64A721A555BFA52A1AFD87C0F844031DA4EC37DAEE2EE5188700
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32 ref: 00007FF6AC3A7A6A
                                                                                                                                                                                    • Part of subcall function 00007FF6AC3A2620: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF6AC3A7744,?,?,?,?,?,?,?,?,?,?,?,00007FF6AC3A101D), ref: 00007FF6AC3A2654
                                                                                                                                                                                    • Part of subcall function 00007FF6AC3A2620: MessageBoxW.USER32 ref: 00007FF6AC3A272C
                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32 ref: 00007FF6AC3A7AF0
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ByteCharMultiWide$ErrorLastMessage
                                                                                                                                                                                  • String ID: Failed to decode wchar_t from UTF-8$Failed to get wchar_t buffer size.$MultiByteToWideChar$Out of memory.$win32_utils_from_utf8
                                                                                                                                                                                  • API String ID: 3723044601-876015163
                                                                                                                                                                                  • Opcode ID: a067ef3949ab1c43b8cad70a8c207a907739284b21da8d2c9820fdf83144c31f
                                                                                                                                                                                  • Instruction ID: 312a54000d6a96009eadb3f1600b2aed1868e6266c60af59815652ab661a7cf3
                                                                                                                                                                                  • Opcode Fuzzy Hash: a067ef3949ab1c43b8cad70a8c207a907739284b21da8d2c9820fdf83144c31f
                                                                                                                                                                                  • Instruction Fuzzy Hash: 85218D22B0EE5281EB10CB29F84057AA3A1FB897C4F584131DB4CC3BAAEE2DE5558700
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,00007FF6AC3C2433,?,?,?,00007FF6AC3BCB8C,?,?,00000000,00007FF6AC3B3A5F,?,?,?,00007FF6AC3B9313), ref: 00007FF6AC3BA62F
                                                                                                                                                                                  • FlsGetValue.KERNEL32(?,?,?,00007FF6AC3C2433,?,?,?,00007FF6AC3BCB8C,?,?,00000000,00007FF6AC3B3A5F,?,?,?,00007FF6AC3B9313), ref: 00007FF6AC3BA644
                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF6AC3C2433,?,?,?,00007FF6AC3BCB8C,?,?,00000000,00007FF6AC3B3A5F,?,?,?,00007FF6AC3B9313), ref: 00007FF6AC3BA665
                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF6AC3C2433,?,?,?,00007FF6AC3BCB8C,?,?,00000000,00007FF6AC3B3A5F,?,?,?,00007FF6AC3B9313), ref: 00007FF6AC3BA692
                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF6AC3C2433,?,?,?,00007FF6AC3BCB8C,?,?,00000000,00007FF6AC3B3A5F,?,?,?,00007FF6AC3B9313), ref: 00007FF6AC3BA6A3
                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF6AC3C2433,?,?,?,00007FF6AC3BCB8C,?,?,00000000,00007FF6AC3B3A5F,?,?,?,00007FF6AC3B9313), ref: 00007FF6AC3BA6B4
                                                                                                                                                                                  • SetLastError.KERNEL32(?,?,?,00007FF6AC3C2433,?,?,?,00007FF6AC3BCB8C,?,?,00000000,00007FF6AC3B3A5F,?,?,?,00007FF6AC3B9313), ref: 00007FF6AC3BA6CF
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Value$ErrorLast
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2506987500-0
                                                                                                                                                                                  • Opcode ID: bc4e22e4ae8ac4a2f92e8d9626a1b8e49c2e537ba1c7bbdccd89cc94639c2243
                                                                                                                                                                                  • Instruction ID: ab62fc5ccb4f30f38547f6b1af1a4665794f04798ed43d47df0a1fbd83154535
                                                                                                                                                                                  • Opcode Fuzzy Hash: bc4e22e4ae8ac4a2f92e8d9626a1b8e49c2e537ba1c7bbdccd89cc94639c2243
                                                                                                                                                                                  • Instruction Fuzzy Hash: 03216D60F0FE1342FA59A7259655E7962929F44BB0F140B34E83EEB6D7DE2CF8008641
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                                                                                  • String ID: CONOUT$
                                                                                                                                                                                  • API String ID: 3230265001-3130406586
                                                                                                                                                                                  • Opcode ID: 1a41989b306c04176fbb8ce5d038fb17b2eb18ca34d01c5ff4cda60dd112554e
                                                                                                                                                                                  • Instruction ID: eea68d8441b36f60825d58607f2416a77b828f8719df9eebab5bf1c61107c534
                                                                                                                                                                                  • Opcode Fuzzy Hash: 1a41989b306c04176fbb8ce5d038fb17b2eb18ca34d01c5ff4cda60dd112554e
                                                                                                                                                                                  • Instruction Fuzzy Hash: A8116D21B1DF618AE7508B56E854B29B2A0FB88FE4F444234EE5DC7794CF7CE8088740
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,00007FF6AC3B444D,?,?,?,?,00007FF6AC3BDDA7,?,?,00000000,00007FF6AC3BA8B6,?,?,?), ref: 00007FF6AC3BA7A7
                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF6AC3B444D,?,?,?,?,00007FF6AC3BDDA7,?,?,00000000,00007FF6AC3BA8B6,?,?,?), ref: 00007FF6AC3BA7DD
                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF6AC3B444D,?,?,?,?,00007FF6AC3BDDA7,?,?,00000000,00007FF6AC3BA8B6,?,?,?), ref: 00007FF6AC3BA80A
                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF6AC3B444D,?,?,?,?,00007FF6AC3BDDA7,?,?,00000000,00007FF6AC3BA8B6,?,?,?), ref: 00007FF6AC3BA81B
                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF6AC3B444D,?,?,?,?,00007FF6AC3BDDA7,?,?,00000000,00007FF6AC3BA8B6,?,?,?), ref: 00007FF6AC3BA82C
                                                                                                                                                                                  • SetLastError.KERNEL32(?,?,?,00007FF6AC3B444D,?,?,?,?,00007FF6AC3BDDA7,?,?,00000000,00007FF6AC3BA8B6,?,?,?), ref: 00007FF6AC3BA847
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2807398668.00007FF6AC3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AC3A0000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.2807375611.00007FF6AC3A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.2807428528.00007FF6AC3CA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.2807452744.00007FF6AC3DD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.2807452744.00007FF6AC3EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.2807551137.00007FF6AC3EE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff6ac3a0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Value$ErrorLast
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2506987500-0
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                                                                                                                                  • String ID: csm$f
                                                                                                                                                                                  • API String ID: 2395640692-629598281
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: DeleteDestroyDialogHandleIconIndirectModuleObjectParam
                                                                                                                                                                                  • String ID: Unhandled exception in script
                                                                                                                                                                                  • API String ID: 3081866767-2699770090
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • GetLastError.KERNEL32(00000000,00000000,00000000,00007FF6AC3A7744,?,?,?,?,?,?,?,?,?,?,?,00007FF6AC3A101D), ref: 00007FF6AC3A2654
                                                                                                                                                                                    • Part of subcall function 00007FF6AC3A74B0: GetLastError.KERNEL32(00000000,00007FF6AC3A26A0), ref: 00007FF6AC3A74D7
                                                                                                                                                                                    • Part of subcall function 00007FF6AC3A74B0: FormatMessageW.KERNEL32(00000000,00007FF6AC3A26A0), ref: 00007FF6AC3A7506
                                                                                                                                                                                    • Part of subcall function 00007FF6AC3A7A30: MultiByteToWideChar.KERNEL32 ref: 00007FF6AC3A7A6A
                                                                                                                                                                                  • MessageBoxW.USER32 ref: 00007FF6AC3A272C
                                                                                                                                                                                  • MessageBoxA.USER32 ref: 00007FF6AC3A2748
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Message$ErrorLast$ByteCharFormatMultiWide
                                                                                                                                                                                  • String ID: %s%s: %s$Fatal error detected
                                                                                                                                                                                  • API String ID: 2806210788-2410924014
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                  • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                  • API String ID: 4061214504-1276376045
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: _set_statfp
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1156100317-0
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • FlsGetValue.KERNEL32(?,?,?,00007FF6AC3B9A73,?,?,00000000,00007FF6AC3B9D0E,?,?,?,?,?,00007FF6AC3B21EC), ref: 00007FF6AC3BA87F
                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF6AC3B9A73,?,?,00000000,00007FF6AC3B9D0E,?,?,?,?,?,00007FF6AC3B21EC), ref: 00007FF6AC3BA89E
                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF6AC3B9A73,?,?,00000000,00007FF6AC3B9D0E,?,?,?,?,?,00007FF6AC3B21EC), ref: 00007FF6AC3BA8C6
                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF6AC3B9A73,?,?,00000000,00007FF6AC3B9D0E,?,?,?,?,?,00007FF6AC3B21EC), ref: 00007FF6AC3BA8D7
                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF6AC3B9A73,?,?,00000000,00007FF6AC3B9D0E,?,?,?,?,?,00007FF6AC3B21EC), ref: 00007FF6AC3BA8E8
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Value
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3702945584-0
                                                                                                                                                                                  • Opcode ID: 0d48d8bba28394c5a214d14b66ba261f7ca1ee69e187be86b5c4a7e9977807ea
                                                                                                                                                                                  • Instruction ID: d1b7e466b155599f2325697aaff180a511d131623601dbdd5ee6106af15a2801
                                                                                                                                                                                  • Opcode Fuzzy Hash: 0d48d8bba28394c5a214d14b66ba261f7ca1ee69e187be86b5c4a7e9977807ea
                                                                                                                                                                                  • Instruction Fuzzy Hash: 09119020F0FF4641FA6993269941A7A61829F847F0F144734E83EEB7C7DE2CF4029651
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • FlsGetValue.KERNEL32(?,?,?,?,?,?,?,00007FF6AC3C2433,?,?,?,00007FF6AC3BCB8C,?,?,00000000,00007FF6AC3B3A5F), ref: 00007FF6AC3BA705
                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF6AC3C2433,?,?,?,00007FF6AC3BCB8C,?,?,00000000,00007FF6AC3B3A5F), ref: 00007FF6AC3BA724
                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF6AC3C2433,?,?,?,00007FF6AC3BCB8C,?,?,00000000,00007FF6AC3B3A5F), ref: 00007FF6AC3BA74C
                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF6AC3C2433,?,?,?,00007FF6AC3BCB8C,?,?,00000000,00007FF6AC3B3A5F), ref: 00007FF6AC3BA75D
                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF6AC3C2433,?,?,?,00007FF6AC3BCB8C,?,?,00000000,00007FF6AC3B3A5F), ref: 00007FF6AC3BA76E
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2807398668.00007FF6AC3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AC3A0000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.2807375611.00007FF6AC3A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.2807428528.00007FF6AC3CA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.2807452744.00007FF6AC3DD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.2807452744.00007FF6AC3EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.2807551137.00007FF6AC3EE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff6ac3a0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Value
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3702945584-0
                                                                                                                                                                                  • Opcode ID: 394ed716a7f2447f20b66a8e260262677f122628b10af1259ab39fd671254f42
                                                                                                                                                                                  • Instruction ID: 7b50baf9a2fd9e9df18724dec6edd703ff92c73ab56edca4c28a082e43db7ac3
                                                                                                                                                                                  • Opcode Fuzzy Hash: 394ed716a7f2447f20b66a8e260262677f122628b10af1259ab39fd671254f42
                                                                                                                                                                                  • Instruction Fuzzy Hash: BC110924F0FE0341F9A9A7758812D7A22A28F45770F180B35D83EEA2D3DD2CF44182A1
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2807398668.00007FF6AC3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AC3A0000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.2807375611.00007FF6AC3A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.2807428528.00007FF6AC3CA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.2807452744.00007FF6AC3DD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.2807452744.00007FF6AC3EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.2807551137.00007FF6AC3EE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff6ac3a0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                  • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                                                                                                                                                  • API String ID: 3215553584-1196891531
                                                                                                                                                                                  • Opcode ID: e657aeb740c2ac826b77e83addb2cc82262a2e6e3b5be7210a8d66ad85871f1f
                                                                                                                                                                                  • Instruction ID: 0ee75aad38d102ad2c4f6ea7fb161dcd3a3da98629074431dde2f3f841ac8b36
                                                                                                                                                                                  • Opcode Fuzzy Hash: e657aeb740c2ac826b77e83addb2cc82262a2e6e3b5be7210a8d66ad85871f1f
                                                                                                                                                                                  • Instruction Fuzzy Hash: 4681913EE0EE0285F7A55F29C110A7D76A0AF19B88F59A035CA0ED7297DF3DE9019701
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2807398668.00007FF6AC3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AC3A0000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.2807375611.00007FF6AC3A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.2807428528.00007FF6AC3CA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.2807452744.00007FF6AC3DD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.2807452744.00007FF6AC3EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.2807551137.00007FF6AC3EE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff6ac3a0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: CallEncodePointerTranslator
                                                                                                                                                                                  • String ID: MOC$RCC
                                                                                                                                                                                  • API String ID: 3544855599-2084237596
                                                                                                                                                                                  • Opcode ID: e66b2a899b3be21a272ca3efbe1e1fab7eec351de36f73ff2a6cc06a45c4f2b1
                                                                                                                                                                                  • Instruction ID: b418496adafc095579582a8931d2af5d0d392e506b22ef7483e43f5a4bf0a0b3
                                                                                                                                                                                  • Opcode Fuzzy Hash: e66b2a899b3be21a272ca3efbe1e1fab7eec351de36f73ff2a6cc06a45c4f2b1
                                                                                                                                                                                  • Instruction Fuzzy Hash: 4C616932A09F458AEB208F65D480BAD77A0FB84B88F144225EF5D97B98CF39E065C740
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2807398668.00007FF6AC3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AC3A0000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.2807375611.00007FF6AC3A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.2807428528.00007FF6AC3CA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.2807452744.00007FF6AC3DD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.2807452744.00007FF6AC3EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.2807551137.00007FF6AC3EE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff6ac3a0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                                                                                                                                  • String ID: csm$csm
                                                                                                                                                                                  • API String ID: 3896166516-3733052814
                                                                                                                                                                                  • Opcode ID: 37bca86698e542f9df3f1c5971c843800452ce466371b2576d682bdca002ed1e
                                                                                                                                                                                  • Instruction ID: 58b380c61f810788259e29960bced2dbfb25a1ddbb6baa469f03ab8850b564b0
                                                                                                                                                                                  • Opcode Fuzzy Hash: 37bca86698e542f9df3f1c5971c843800452ce466371b2576d682bdca002ed1e
                                                                                                                                                                                  • Instruction Fuzzy Hash: F551A13290AA4286EF749F159544B6877A0FF95B88F144135EAAC87BE5CF3DE870CB00
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2807398668.00007FF6AC3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AC3A0000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.2807375611.00007FF6AC3A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.2807428528.00007FF6AC3CA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.2807452744.00007FF6AC3DD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.2807452744.00007FF6AC3EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.2807551137.00007FF6AC3EE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff6ac3a0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Message$ByteCharMultiWide
                                                                                                                                                                                  • String ID: %s%s: %s$Fatal error detected
                                                                                                                                                                                  • API String ID: 1878133881-2410924014
                                                                                                                                                                                  • Opcode ID: 1ad8658de8dbd2e7b08889bff9c9537d6e44ae678795f4b96bc9f189f6c45e5f
                                                                                                                                                                                  • Instruction ID: b2cc09eaface102b936023573d26ce5e760512624fdd38b051cd7230b33b9378
                                                                                                                                                                                  • Opcode Fuzzy Hash: 1ad8658de8dbd2e7b08889bff9c9537d6e44ae678795f4b96bc9f189f6c45e5f
                                                                                                                                                                                  • Instruction Fuzzy Hash: E431647262DE8191EA20DB10E451BEA7364FFC4784F404036EA8D97699DF3DD719CB40
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • GetModuleFileNameW.KERNEL32(?,00007FF6AC3A3699), ref: 00007FF6AC3A3BD1
                                                                                                                                                                                    • Part of subcall function 00007FF6AC3A2620: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF6AC3A7744,?,?,?,?,?,?,?,?,?,?,?,00007FF6AC3A101D), ref: 00007FF6AC3A2654
                                                                                                                                                                                    • Part of subcall function 00007FF6AC3A2620: MessageBoxW.USER32 ref: 00007FF6AC3A272C
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2807398668.00007FF6AC3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AC3A0000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.2807375611.00007FF6AC3A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.2807428528.00007FF6AC3CA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.2807452744.00007FF6AC3DD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.2807452744.00007FF6AC3EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.2807551137.00007FF6AC3EE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff6ac3a0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ErrorFileLastMessageModuleName
                                                                                                                                                                                  • String ID: Failed to convert executable path to UTF-8.$Failed to get executable path.$GetModuleFileNameW
                                                                                                                                                                                  • API String ID: 2581892565-1977442011
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2807398668.00007FF6AC3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AC3A0000, based on PE: true
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: FileWrite$ConsoleErrorLastOutput
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2718003287-0
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2807398668.00007FF6AC3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AC3A0000, based on PE: true
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: LongWindow$DialogInvalidateRect
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1956198572-0
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2807398668.00007FF6AC3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AC3A0000, based on PE: true
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                                                                                                                                  • String ID: ?
                                                                                                                                                                                  • API String ID: 1286766494-1684325040
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • _invalid_parameter_noinfo.LIBCMT ref: 00007FF6AC3B7E9E
                                                                                                                                                                                    • Part of subcall function 00007FF6AC3B9E18: RtlFreeHeap.NTDLL(?,?,?,00007FF6AC3C1E42,?,?,?,00007FF6AC3C1E7F,?,?,00000000,00007FF6AC3C2345,?,?,?,00007FF6AC3C2277), ref: 00007FF6AC3B9E2E
                                                                                                                                                                                    • Part of subcall function 00007FF6AC3B9E18: GetLastError.KERNEL32(?,?,?,00007FF6AC3C1E42,?,?,?,00007FF6AC3C1E7F,?,?,00000000,00007FF6AC3C2345,?,?,?,00007FF6AC3C2277), ref: 00007FF6AC3B9E38
                                                                                                                                                                                  • GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF6AC3AB105), ref: 00007FF6AC3B7EBC
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2807398668.00007FF6AC3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AC3A0000, based on PE: true
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ErrorFileFreeHeapLastModuleName_invalid_parameter_noinfo
                                                                                                                                                                                  • String ID: C:\Users\user\Desktop\cJ6xbAA5Rn.exe
                                                                                                                                                                                  • API String ID: 3580290477-4039994597
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2807398668.00007FF6AC3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AC3A0000, based on PE: true
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ErrorFileLastWrite
                                                                                                                                                                                  • String ID: U
                                                                                                                                                                                  • API String ID: 442123175-4171548499
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2807398668.00007FF6AC3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AC3A0000, based on PE: true
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: CurrentDirectory
                                                                                                                                                                                  • String ID: :
                                                                                                                                                                                  • API String ID: 1611563598-336475711
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.2807398668.00007FF6AC3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AC3A0000, based on PE: true
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Message$ByteCharMultiWide
                                                                                                                                                                                  • String ID: Fatal error detected
                                                                                                                                                                                  • API String ID: 1878133881-4025702859
                                                                                                                                                                                  • Opcode ID: f7448773671dbda672e22a82cfe80c2e0aa70ed18289780b2b9e604a2b102c49
                                                                                                                                                                                  • Instruction ID: 553991c133697e4bf1168cd2871cc8b938befbc6d4c7ce6913b366b335debb4a
                                                                                                                                                                                  • Opcode Fuzzy Hash: f7448773671dbda672e22a82cfe80c2e0aa70ed18289780b2b9e604a2b102c49
                                                                                                                                                                                  • Instruction Fuzzy Hash: 7521A17262DE8291EB20DB10F451BEA7364FBC4788F804035EA8D97A99CF3DD219CB40
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Message$ByteCharMultiWide
                                                                                                                                                                                  • String ID: Error detected
                                                                                                                                                                                  • API String ID: 1878133881-3513342764
                                                                                                                                                                                  • Opcode ID: 412921116a21d042ea7cc01f3b6226aa372ad23cfa1aaecee88db1efd33321aa
                                                                                                                                                                                  • Instruction ID: 99fa69237f99eae1ebe6434d14233532c9d2cc1117d9618dbff8c9b7a82fbca5
                                                                                                                                                                                  • Opcode Fuzzy Hash: 412921116a21d042ea7cc01f3b6226aa372ad23cfa1aaecee88db1efd33321aa
                                                                                                                                                                                  • Instruction Fuzzy Hash: DB21327262DE8291EB209B10F461BEA6364FBC4788F805135EA8D97699DF3DD219CB40
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ExceptionFileHeaderRaise
                                                                                                                                                                                  • String ID: csm
                                                                                                                                                                                  • API String ID: 2573137834-1018135373
                                                                                                                                                                                  • Opcode ID: a9ac3328ea6075577af066dd04772514ea360050604432a87b0551bd96b2ca6b
                                                                                                                                                                                  • Instruction ID: 7f7cbc2af85e5e03bb0d51724268166e8bdf0c7d7ff24797b1e24655ceeddeba
                                                                                                                                                                                  • Opcode Fuzzy Hash: a9ac3328ea6075577af066dd04772514ea360050604432a87b0551bd96b2ca6b
                                                                                                                                                                                  • Instruction Fuzzy Hash: 6B114C3260AF8182EB218F15F44066DB7A4FB88B94F184230EE8C47768DF3DD565CB00
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: DriveType_invalid_parameter_noinfo
                                                                                                                                                                                  • String ID: :
                                                                                                                                                                                  • API String ID: 2595371189-336475711
                                                                                                                                                                                  • Opcode ID: f8eec6a66f3a594e824ddea09938586a7cad5545a492e04bdbecb8d953b03adc
                                                                                                                                                                                  • Instruction ID: 36d482e3bec9fe32b32545b9cbd9d6953104a9ebccb8696d4e02d9cfd7bb32e5
                                                                                                                                                                                  • Opcode Fuzzy Hash: f8eec6a66f3a594e824ddea09938586a7cad5545a492e04bdbecb8d953b03adc
                                                                                                                                                                                  • Instruction Fuzzy Hash: 8801F22291DE0386FB31AF20A462ABE73A0EF88708F402435D54DC22A2DF3CE554DA14

                                                                                                                                                                                  Execution Graph

                                                                                                                                                                                  Execution Coverage:1.2%
                                                                                                                                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                  Signature Coverage:0%
                                                                                                                                                                                  Total number of Nodes:796
                                                                                                                                                                                  Total number of Limit Nodes:23
104427->104430 104428 7ff6ac3af2ac 74 API calls 104428->104426 104532 7ff6ac3a24d0 59 API calls 2 library calls 104429->104532 104430->104426 104430->104428 104432->104155 104433->104155 104434->104164 104435->104166 104436->104169 104437->104174 104438->104174 104439->104155 104440->104155 104441->104155 104443 7ff6ac3a1b30 49 API calls 104442->104443 104444 7ff6ac3a3d60 104443->104444 104444->104347 104444->104444 104446 7ff6ac3a3c4a 104445->104446 104447 7ff6ac3a7a30 57 API calls 104446->104447 104448 7ff6ac3a3c72 104447->104448 104449 7ff6ac3aad80 _wfindfirst32i64 8 API calls 104448->104449 104450 7ff6ac3a3c9a 104449->104450 104450->104341 104451 7ff6ac3a71b0 104450->104451 104452 7ff6ac3a7a30 57 API calls 104451->104452 104453 7ff6ac3a71c7 LoadLibraryExW 104452->104453 104454 7ff6ac3a71e4 __std_exception_destroy 104453->104454 104454->104341 104455->104344 104456->104350 104457->104349 104458->104344 104459->104344 104464 7ff6ac3a4ada 104460->104464 104461 7ff6ac3aad80 _wfindfirst32i64 8 API calls 104462 7ff6ac3a4cb0 104461->104462 104490 7ff6ac3a7c30 59 API calls __std_exception_destroy 104462->104490 104465 7ff6ac3a4bf3 104464->104465 104469 7ff6ac3a4cc9 104464->104469 104486 7ff6ac3a4c91 104464->104486 104492 7ff6ac3b56d0 47 API calls 104464->104492 104493 7ff6ac3a1780 59 API calls 104464->104493 104465->104486 104494 7ff6ac3b9184 104465->104494 104504 7ff6ac3a2770 59 API calls 2 library calls 104469->104504 104472 7ff6ac3a4c16 104473 7ff6ac3b9184 _fread_nolock 37 API calls 104472->104473 104474 7ff6ac3a4c28 104473->104474 104501 7ff6ac3b57dc 39 API calls 3 library calls 104474->104501 104476 7ff6ac3a4c34 104502 7ff6ac3b5d64 73 API calls 104476->104502 104478 7ff6ac3a4c46 104503 7ff6ac3b5d64 73 API calls 104478->104503 104480 7ff6ac3a4c58 104481 7ff6ac3b4f14 71 API calls 104480->104481 104482 7ff6ac3a4c69 104481->104482 104483 7ff6ac3b4f14 71 API calls 104482->104483 104484 7ff6ac3a4c7d 104483->104484 104485 7ff6ac3b4f14 71 API calls 104484->104485 
104485->104486 104486->104461 104487->104365 104488->104373 104489->104384 104490->104389 104491->104377 104492->104464 104493->104464 104495 7ff6ac3b918d 104494->104495 104499 7ff6ac3a4c0a 104494->104499 104505 7ff6ac3b4444 11 API calls memcpy_s 104495->104505 104497 7ff6ac3b9192 104506 7ff6ac3b9db0 37 API calls _invalid_parameter_noinfo 104497->104506 104500 7ff6ac3b57dc 39 API calls 3 library calls 104499->104500 104500->104472 104501->104476 104502->104478 104503->104480 104504->104486 104505->104497 104507->104395 104508->104400 104509->104400 104510->104404 104512 7ff6ac3a10a6 104511->104512 104513 7ff6ac3a10d3 104512->104513 104514 7ff6ac3a10ad 104512->104514 104517 7ff6ac3a1109 104513->104517 104518 7ff6ac3a10ed 104513->104518 104537 7ff6ac3a2770 59 API calls 2 library calls 104514->104537 104516 7ff6ac3a10c0 104516->104430 104520 7ff6ac3a111b 104517->104520 104523 7ff6ac3a1137 memcpy_s 104517->104523 104538 7ff6ac3a24d0 59 API calls 2 library calls 104518->104538 104539 7ff6ac3a24d0 59 API calls 2 library calls 104520->104539 104522 7ff6ac3af5fc _fread_nolock 53 API calls 104522->104523 104523->104522 104524 7ff6ac3a1104 __std_exception_destroy 104523->104524 104525 7ff6ac3a11fe 104523->104525 104528 7ff6ac3af370 37 API calls 104523->104528 104533 7ff6ac3afd3c 104523->104533 104524->104430 104540 7ff6ac3a2770 59 API calls 2 library calls 104525->104540 104528->104523 104529->104419 104530->104417 104531->104430 104532->104430 104534 7ff6ac3afd6c 104533->104534 104541 7ff6ac3afa8c 104534->104541 104536 7ff6ac3afd8a 104536->104523 104537->104516 104538->104524 104539->104524 104540->104524 104542 7ff6ac3afad9 104541->104542 104543 7ff6ac3afaac 104541->104543 104542->104536 104543->104542 104544 7ff6ac3afae1 104543->104544 104545 7ff6ac3afab6 104543->104545 104548 7ff6ac3af9cc 104544->104548 104555 7ff6ac3b9ce4 37 API calls 2 library calls 104545->104555 104556 7ff6ac3b42ec EnterCriticalSection 104548->104556 104550 7ff6ac3af9e9 104551 7ff6ac3afa0c 74 API 
calls 104550->104551 104552 7ff6ac3af9f2 104551->104552 104553 7ff6ac3b42f8 _fread_nolock LeaveCriticalSection 104552->104553 104554 7ff6ac3af9fd 104553->104554 104554->104542 104555->104542 104558 7ff6ac3a29a6 104557->104558 104559 7ff6ac3a1b30 49 API calls 104558->104559 104560 7ff6ac3a29db 104559->104560 104561 7ff6ac3a3b20 49 API calls 104560->104561 104589 7ff6ac3a2de1 104560->104589 104562 7ff6ac3a2a4f 104561->104562 104615 7ff6ac3a2e00 104562->104615 104565 7ff6ac3a2a91 104623 7ff6ac3a6720 98 API calls 104565->104623 104566 7ff6ac3a2aca 104568 7ff6ac3a2e00 75 API calls 104566->104568 104570 7ff6ac3a2b1c 104568->104570 104569 7ff6ac3a2a99 104578 7ff6ac3a2aba 104569->104578 104624 7ff6ac3a6600 138 API calls 2 library calls 104569->104624 104571 7ff6ac3a2b20 104570->104571 104572 7ff6ac3a2b86 104570->104572 104625 7ff6ac3a6720 98 API calls 104571->104625 104575 7ff6ac3a2e00 75 API calls 104572->104575 104579 7ff6ac3a2bb2 104575->104579 104577 7ff6ac3a2ac3 104582 7ff6ac3aad80 _wfindfirst32i64 8 API calls 104577->104582 104578->104577 104627 7ff6ac3a2770 59 API calls 2 library calls 104578->104627 104581 7ff6ac3a2c12 104579->104581 104583 7ff6ac3a2e00 75 API calls 104579->104583 104580 7ff6ac3a2b28 104580->104578 104626 7ff6ac3a6600 138 API calls 2 library calls 104580->104626 104581->104589 104628 7ff6ac3a6720 98 API calls 104581->104628 104586 7ff6ac3a2b7b 104582->104586 104587 7ff6ac3a2be2 104583->104587 104586->104183 104587->104581 104591 7ff6ac3a2e00 75 API calls 104587->104591 104588 7ff6ac3a2b45 104588->104578 104590 7ff6ac3a2dc6 104588->104590 104632 7ff6ac3a2770 59 API calls 2 library calls 104590->104632 104591->104581 104592 7ff6ac3a2c22 104592->104589 104593 7ff6ac3a1af0 59 API calls 104592->104593 104605 7ff6ac3a2d3f 104592->104605 104594 7ff6ac3a2c7f 104593->104594 104594->104589 104598 7ff6ac3a1b30 49 API calls 104594->104598 104596 7ff6ac3a2d3a 104633 7ff6ac3a1ab0 74 API calls __std_exception_destroy 104596->104633 104599 7ff6ac3a2ca7 
104598->104599 104599->104590 104601 7ff6ac3a1b30 49 API calls 104599->104601 104600 7ff6ac3a2dab 104600->104590 104631 7ff6ac3a1440 161 API calls 2 library calls 104600->104631 104602 7ff6ac3a2cd4 104601->104602 104602->104590 104604 7ff6ac3a1b30 49 API calls 104602->104604 104606 7ff6ac3a2d01 104604->104606 104605->104600 104630 7ff6ac3a1780 59 API calls 104605->104630 104606->104590 104608 7ff6ac3a17b0 121 API calls 104606->104608 104609 7ff6ac3a2d23 104608->104609 104609->104605 104610 7ff6ac3a2d27 104609->104610 104629 7ff6ac3a2770 59 API calls 2 library calls 104610->104629 104612->104183 104613->104181 104614->104183 104616 7ff6ac3a2e34 104615->104616 104634 7ff6ac3b3be4 104616->104634 104619 7ff6ac3a2e6b 104621 7ff6ac3aad80 _wfindfirst32i64 8 API calls 104619->104621 104622 7ff6ac3a2a8d 104621->104622 104622->104565 104622->104566 104623->104569 104624->104578 104625->104580 104626->104588 104627->104577 104628->104592 104629->104596 104630->104605 104631->104600 104632->104596 104633->104589 104635 7ff6ac3b3c3e 104634->104635 104636 7ff6ac3b3c63 104635->104636 104638 7ff6ac3b3c9f 104635->104638 104669 7ff6ac3b9ce4 37 API calls 2 library calls 104636->104669 104670 7ff6ac3b1e70 49 API calls _invalid_parameter_noinfo 104638->104670 104640 7ff6ac3b3c8d 104642 7ff6ac3aad80 _wfindfirst32i64 8 API calls 104640->104642 104641 7ff6ac3b3d36 104644 7ff6ac3b3d7c 104641->104644 104646 7ff6ac3b3da0 104641->104646 104647 7ff6ac3b3d51 104641->104647 104650 7ff6ac3b3d48 104641->104650 104645 7ff6ac3a2e5a 104642->104645 104643 7ff6ac3b9e18 __free_lconv_num 11 API calls 104643->104640 104644->104643 104645->104619 104652 7ff6ac3b4e08 104645->104652 104646->104644 104648 7ff6ac3b3daa 104646->104648 104671 7ff6ac3b9e18 104647->104671 104651 7ff6ac3b9e18 __free_lconv_num 11 API calls 104648->104651 104650->104644 104650->104647 104651->104640 104653 7ff6ac3b4e31 104652->104653 104654 7ff6ac3b4e25 104652->104654 104703 7ff6ac3b4a1c 45 API calls __CxxCallCatchBlock 
104653->104703 104678 7ff6ac3b4680 104654->104678 104657 7ff6ac3b4e59 104660 7ff6ac3b4e69 104657->104660 104704 7ff6ac3bdfcc 5 API calls __crtLCMapStringW 104657->104704 104705 7ff6ac3b4504 14 API calls 3 library calls 104660->104705 104661 7ff6ac3b4ec1 104662 7ff6ac3b4ed9 104661->104662 104664 7ff6ac3b4ec5 104661->104664 104665 7ff6ac3b4680 69 API calls 104662->104665 104663 7ff6ac3b4e2a 104663->104619 104664->104663 104666 7ff6ac3b9e18 __free_lconv_num 11 API calls 104664->104666 104667 7ff6ac3b4ee5 104665->104667 104666->104663 104667->104663 104668 7ff6ac3b9e18 __free_lconv_num 11 API calls 104667->104668 104668->104663 104669->104640 104670->104641 104672 7ff6ac3b9e4c 104671->104672 104673 7ff6ac3b9e1d HeapFree 104671->104673 104672->104640 104673->104672 104674 7ff6ac3b9e38 GetLastError 104673->104674 104675 7ff6ac3b9e45 __free_lconv_num 104674->104675 104677 7ff6ac3b4444 11 API calls memcpy_s 104675->104677 104677->104672 104679 7ff6ac3b46b7 104678->104679 104680 7ff6ac3b469a 104678->104680 104679->104680 104682 7ff6ac3b46ca CreateFileW 104679->104682 104732 7ff6ac3b4424 11 API calls memcpy_s 104680->104732 104684 7ff6ac3b46fe 104682->104684 104685 7ff6ac3b4734 104682->104685 104683 7ff6ac3b469f 104733 7ff6ac3b4444 11 API calls memcpy_s 104683->104733 104706 7ff6ac3b47d4 GetFileType 104684->104706 104735 7ff6ac3b4cf8 46 API calls 3 library calls 104685->104735 104689 7ff6ac3b46a7 104734 7ff6ac3b9db0 37 API calls _invalid_parameter_noinfo 104689->104734 104691 7ff6ac3b4739 104692 7ff6ac3b4768 104691->104692 104693 7ff6ac3b473d 104691->104693 104737 7ff6ac3b4ab8 104692->104737 104736 7ff6ac3b43b8 11 API calls 2 library calls 104693->104736 104695 7ff6ac3b4713 CloseHandle 104699 7ff6ac3b46b2 104695->104699 104696 7ff6ac3b4729 CloseHandle 104696->104699 104699->104663 104700 7ff6ac3b4747 104700->104699 104703->104657 104704->104660 104705->104661 104707 7ff6ac3b48df 104706->104707 104708 7ff6ac3b4822 104706->104708 104710 7ff6ac3b4909 104707->104710 104711 
7ff6ac3b48e7 104707->104711 104709 7ff6ac3b484e GetFileInformationByHandle 104708->104709 104755 7ff6ac3b4bf4 21 API calls _fread_nolock 104708->104755 104714 7ff6ac3b4877 104709->104714 104715 7ff6ac3b48fa GetLastError 104709->104715 104712 7ff6ac3b492c PeekNamedPipe 104710->104712 104718 7ff6ac3b48ca 104710->104718 104711->104715 104716 7ff6ac3b48eb 104711->104716 104712->104718 104720 7ff6ac3b4ab8 51 API calls 104714->104720 104758 7ff6ac3b43b8 11 API calls 2 library calls 104715->104758 104757 7ff6ac3b4444 11 API calls memcpy_s 104716->104757 104722 7ff6ac3aad80 _wfindfirst32i64 8 API calls 104718->104722 104719 7ff6ac3b483c 104719->104709 104719->104718 104723 7ff6ac3b4882 104720->104723 104724 7ff6ac3b470c 104722->104724 104748 7ff6ac3b497c 104723->104748 104724->104695 104724->104696 104727 7ff6ac3b497c 10 API calls 104728 7ff6ac3b48a1 104727->104728 104729 7ff6ac3b497c 10 API calls 104728->104729 104730 7ff6ac3b48b2 104729->104730 104730->104718 104756 7ff6ac3b4444 11 API calls memcpy_s 104730->104756 104732->104683 104733->104689 104735->104691 104736->104700 104739 7ff6ac3b4ae0 104737->104739 104738 7ff6ac3b4775 104747 7ff6ac3b4bf4 21 API calls _fread_nolock 104738->104747 104739->104738 104759 7ff6ac3be674 51 API calls 2 library calls 104739->104759 104741 7ff6ac3b4b74 104741->104738 104760 7ff6ac3be674 51 API calls 2 library calls 104741->104760 104743 7ff6ac3b4b87 104743->104738 104761 7ff6ac3be674 51 API calls 2 library calls 104743->104761 104745 7ff6ac3b4b9a 104745->104738 104762 7ff6ac3be674 51 API calls 2 library calls 104745->104762 104747->104700 104749 7ff6ac3b49a5 FileTimeToSystemTime 104748->104749 104750 7ff6ac3b4998 104748->104750 104751 7ff6ac3b49b9 SystemTimeToTzSpecificLocalTime 104749->104751 104752 7ff6ac3b49a0 104749->104752 104750->104749 104750->104752 104751->104752 104753 7ff6ac3aad80 _wfindfirst32i64 8 API calls 104752->104753 104754 7ff6ac3b4891 104753->104754 104754->104727 104755->104719 104756->104718 104757->104718 
104758->104718 104759->104741 104760->104743 104761->104745 104762->104738 104763->104193 104767 7ff6ac3b53fc 104765->104767 104766 7ff6ac3b5422 104796 7ff6ac3b4444 11 API calls memcpy_s 104766->104796 104767->104766 104769 7ff6ac3b5455 104767->104769 104771 7ff6ac3b5468 104769->104771 104772 7ff6ac3b545b 104769->104772 104770 7ff6ac3b5427 104797 7ff6ac3b9db0 37 API calls _invalid_parameter_noinfo 104770->104797 104784 7ff6ac3ba0f8 104771->104784 104798 7ff6ac3b4444 11 API calls memcpy_s 104772->104798 104774 7ff6ac3a3d09 104774->104204 104778 7ff6ac3b5489 104791 7ff6ac3bf49c 104778->104791 104779 7ff6ac3b547c 104799 7ff6ac3b4444 11 API calls memcpy_s 104779->104799 104782 7ff6ac3b549c 104800 7ff6ac3b42f8 LeaveCriticalSection 104782->104800 104801 7ff6ac3bf788 EnterCriticalSection 104784->104801 104786 7ff6ac3ba10f 104787 7ff6ac3ba16c 19 API calls 104786->104787 104788 7ff6ac3ba11a 104787->104788 104789 7ff6ac3bf7e8 _isindst LeaveCriticalSection 104788->104789 104790 7ff6ac3b5472 104789->104790 104790->104778 104790->104779 104802 7ff6ac3bf198 104791->104802 104794 7ff6ac3bf4f6 104794->104782 104796->104770 104798->104774 104799->104774 104803 7ff6ac3bf1d3 __vcrt_FlsAlloc 104802->104803 104812 7ff6ac3bf39a 104803->104812 104817 7ff6ac3c5474 51 API calls 3 library calls 104803->104817 104805 7ff6ac3bf471 104821 7ff6ac3b9db0 37 API calls _invalid_parameter_noinfo 104805->104821 104807 7ff6ac3bf3a3 104807->104794 104814 7ff6ac3c615c 104807->104814 104809 7ff6ac3bf405 104809->104812 104818 7ff6ac3c5474 51 API calls 3 library calls 104809->104818 104811 7ff6ac3bf424 104811->104812 104819 7ff6ac3c5474 51 API calls 3 library calls 104811->104819 104812->104807 104820 7ff6ac3b4444 11 API calls memcpy_s 104812->104820 104822 7ff6ac3c575c 104814->104822 104817->104809 104818->104811 104819->104812 104820->104805 104823 7ff6ac3c5791 104822->104823 104824 7ff6ac3c5773 104822->104824 104823->104824 104826 7ff6ac3c57ad 104823->104826 104876 7ff6ac3b4444 11 API calls memcpy_s 
104824->104876 104833 7ff6ac3c5d6c 104826->104833 104827 7ff6ac3c5778 104877 7ff6ac3b9db0 37 API calls _invalid_parameter_noinfo 104827->104877 104831 7ff6ac3c5784 104831->104794 104879 7ff6ac3c5aa0 104833->104879 104836 7ff6ac3c5de1 104910 7ff6ac3b4424 11 API calls memcpy_s 104836->104910 104837 7ff6ac3c5df9 104898 7ff6ac3b6cfc 104837->104898 104854 7ff6ac3c57d8 104854->104831 104878 7ff6ac3b6cd4 LeaveCriticalSection 104854->104878 104856 7ff6ac3c5de6 104911 7ff6ac3b4444 11 API calls memcpy_s 104856->104911 104876->104827 104880 7ff6ac3c5acc 104879->104880 104888 7ff6ac3c5ae6 104879->104888 104880->104888 104923 7ff6ac3b4444 11 API calls memcpy_s 104880->104923 104882 7ff6ac3c5adb 104924 7ff6ac3b9db0 37 API calls _invalid_parameter_noinfo 104882->104924 104884 7ff6ac3c5bb5 104896 7ff6ac3c5c12 104884->104896 104929 7ff6ac3b576c 37 API calls 2 library calls 104884->104929 104885 7ff6ac3c5b64 104885->104884 104927 7ff6ac3b4444 11 API calls memcpy_s 104885->104927 104888->104885 104925 7ff6ac3b4444 11 API calls memcpy_s 104888->104925 104889 7ff6ac3c5c0e 104889->104896 104930 7ff6ac3b9dd0 IsProcessorFeaturePresent 104889->104930 104890 7ff6ac3c5baa 104928 7ff6ac3b9db0 37 API calls _invalid_parameter_noinfo 104890->104928 104893 7ff6ac3c5b59 104926 7ff6ac3b9db0 37 API calls _invalid_parameter_noinfo 104893->104926 104896->104836 104896->104837 104935 7ff6ac3bf788 EnterCriticalSection 104898->104935 104910->104856 104911->104854 104923->104882 104925->104893 104927->104890 104929->104889 104931 7ff6ac3b9de3 104930->104931 104934 7ff6ac3b9ae4 14 API calls 2 library calls 104931->104934 104933 7ff6ac3b9dfe GetCurrentProcess TerminateProcess 104934->104933 104937 7ff6ac3b7968 104936->104937 104940 7ff6ac3b7444 104937->104940 104939 7ff6ac3b7981 104939->104214 104941 7ff6ac3b748e 104940->104941 104942 7ff6ac3b745f 104940->104942 104950 7ff6ac3b42ec EnterCriticalSection 104941->104950 104951 7ff6ac3b9ce4 37 API calls 2 library calls 104942->104951 104945 7ff6ac3b7493 104947 
7ff6ac3b74b0 38 API calls 104945->104947 104946 7ff6ac3b747f 104946->104939 104948 7ff6ac3b749f 104947->104948 104949 7ff6ac3b42f8 _fread_nolock LeaveCriticalSection 104948->104949 104949->104946 104951->104946 104953 7ff6ac3af0d1 104952->104953 104954 7ff6ac3af0a3 104952->104954 104956 7ff6ac3af0c3 104953->104956 104962 7ff6ac3b42ec EnterCriticalSection 104953->104962 104963 7ff6ac3b9ce4 37 API calls 2 library calls 104954->104963 104956->104218 104958 7ff6ac3af0e8 104959 7ff6ac3af104 72 API calls 104958->104959 104960 7ff6ac3af0f4 104959->104960 104961 7ff6ac3b42f8 _fread_nolock LeaveCriticalSection 104960->104961 104961->104956 104963->104956 104964 7ff6ac3be8dc 104965 7ff6ac3beace 104964->104965 104967 7ff6ac3be91e _isindst 104964->104967 105011 7ff6ac3b4444 11 API calls memcpy_s 104965->105011 104967->104965 104970 7ff6ac3be99e _isindst 104967->104970 104968 7ff6ac3aad80 _wfindfirst32i64 8 API calls 104969 7ff6ac3beae9 104968->104969 104985 7ff6ac3c53b4 104970->104985 104975 7ff6ac3beafa 104976 7ff6ac3b9dd0 _wfindfirst32i64 17 API calls 104975->104976 104978 7ff6ac3beb0e 104976->104978 104982 7ff6ac3be9fb 104984 7ff6ac3beabe 104982->104984 105010 7ff6ac3c53f8 37 API calls _isindst 104982->105010 104984->104968 104986 7ff6ac3be9bc 104985->104986 104987 7ff6ac3c53c3 104985->104987 104992 7ff6ac3c47b8 104986->104992 105012 7ff6ac3bf788 EnterCriticalSection 104987->105012 104989 7ff6ac3c53cb 104990 7ff6ac3c53dc 104989->104990 104991 7ff6ac3c5224 55 API calls 104989->104991 104991->104990 104993 7ff6ac3c47c1 104992->104993 104994 7ff6ac3be9d1 104992->104994 105013 7ff6ac3b4444 11 API calls memcpy_s 104993->105013 104994->104975 104998 7ff6ac3c47e8 104994->104998 104996 7ff6ac3c47c6 105014 7ff6ac3b9db0 37 API calls _invalid_parameter_noinfo 104996->105014 104999 7ff6ac3c47f1 104998->104999 105000 7ff6ac3be9e2 104998->105000 105015 7ff6ac3b4444 11 API calls memcpy_s 104999->105015 105000->104975 105004 7ff6ac3c4818 105000->105004 105002 7ff6ac3c47f6 105016 
7ff6ac3b9db0 37 API calls _invalid_parameter_noinfo 105002->105016 105005 7ff6ac3c4821 105004->105005 105006 7ff6ac3be9f3 105004->105006 105017 7ff6ac3b4444 11 API calls memcpy_s 105005->105017 105006->104975 105006->104982 105008 7ff6ac3c4826 105018 7ff6ac3b9db0 37 API calls _invalid_parameter_noinfo 105008->105018 105010->104984 105011->104984 105013->104996 105015->105002 105017->105008

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • _get_daylight.LIBCMT ref: 00007FF6AC3C4E65
                                                                                                                                                                                    • Part of subcall function 00007FF6AC3C47B8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6AC3C47CC
                                                                                                                                                                                    • Part of subcall function 00007FF6AC3B9E18: HeapFree.KERNEL32(?,?,?,00007FF6AC3C1E42,?,?,?,00007FF6AC3C1E7F,?,?,00000000,00007FF6AC3C2345,?,?,?,00007FF6AC3C2277), ref: 00007FF6AC3B9E2E
                                                                                                                                                                                    • Part of subcall function 00007FF6AC3B9E18: GetLastError.KERNEL32(?,?,?,00007FF6AC3C1E42,?,?,?,00007FF6AC3C1E7F,?,?,00000000,00007FF6AC3C2345,?,?,?,00007FF6AC3C2277), ref: 00007FF6AC3B9E38
                                                                                                                                                                                    • Part of subcall function 00007FF6AC3B9DD0: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF6AC3B9DAF,?,?,?,?,?,00007FF6AC3B21EC), ref: 00007FF6AC3B9DD9
                                                                                                                                                                                    • Part of subcall function 00007FF6AC3B9DD0: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF6AC3B9DAF,?,?,?,?,?,00007FF6AC3B21EC), ref: 00007FF6AC3B9DFE
                                                                                                                                                                                  • _get_daylight.LIBCMT ref: 00007FF6AC3C4E54
                                                                                                                                                                                    • Part of subcall function 00007FF6AC3C4818: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6AC3C482C
                                                                                                                                                                                  • _get_daylight.LIBCMT ref: 00007FF6AC3C50CA
                                                                                                                                                                                  • _get_daylight.LIBCMT ref: 00007FF6AC3C50DB
                                                                                                                                                                                  • _get_daylight.LIBCMT ref: 00007FF6AC3C50EC
                                                                                                                                                                                  • GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF6AC3C532C), ref: 00007FF6AC3C5113
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809564483.00007FF6AC3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AC3A0000, based on PE: true
                                                                                                                                                                                  • Associated: 00000002.00000002.2809537100.00007FF6AC3A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000002.00000002.2809584515.00007FF6AC3CA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000002.00000002.2809605761.00007FF6AC3DD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000002.00000002.2809605761.00007FF6AC3E0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000002.00000002.2809605761.00007FF6AC3EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000002.00000002.2809661489.00007FF6AC3EE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6ac3a0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
                                                                                                                                                                                  • String ID: Eastern Standard Time$Eastern Summer Time
                                                                                                                                                                                  • API String ID: 4070488512-239921721
                                                                                                                                                                                  • Opcode ID: a9f1dad40c5644c1829df854b35cf2cff202b4769108a1d535aac39d904cb9be
                                                                                                                                                                                  • Instruction ID: 4009a8f1a1c72b54e57a6ed37f248bc4f907f5b7f9fa1744643628e60a05b70a
                                                                                                                                                                                  • Opcode Fuzzy Hash: a9f1dad40c5644c1829df854b35cf2cff202b4769108a1d535aac39d904cb9be
                                                                                                                                                                                  • Instruction Fuzzy Hash: EDD1D126E0EA6286EB20EF25D8409BD63A1FF85B84F458035EA4DC7686DF3DF845C740

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  APIs
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1617910340-0
                                                                                                                                                                                  • Opcode ID: f9714f3a8e10acd42ca2d2c5b2c2c8a966f4ca54d5d677232d284773bb45134f
                                                                                                                                                                                  • Instruction ID: 56ddc5c6a6e42c2d7b95076c05a4dc68f90575d109f872c94e552a944048b952
                                                                                                                                                                                  • Opcode Fuzzy Hash: f9714f3a8e10acd42ca2d2c5b2c2c8a966f4ca54d5d677232d284773bb45134f
                                                                                                                                                                                  • Instruction Fuzzy Hash: 7AC1C237B2AE5286EB14DF69C490AAC3771FB49B98B011235DE2E97795CF38E455C300

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • _get_daylight.LIBCMT ref: 00007FF6AC3C50CA
                                                                                                                                                                                    • Part of subcall function 00007FF6AC3C4818: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6AC3C482C
                                                                                                                                                                                  • _get_daylight.LIBCMT ref: 00007FF6AC3C50DB
                                                                                                                                                                                    • Part of subcall function 00007FF6AC3C47B8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6AC3C47CC
                                                                                                                                                                                  • _get_daylight.LIBCMT ref: 00007FF6AC3C50EC
                                                                                                                                                                                    • Part of subcall function 00007FF6AC3C47E8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6AC3C47FC
                                                                                                                                                                                    • Part of subcall function 00007FF6AC3B9E18: HeapFree.KERNEL32(?,?,?,00007FF6AC3C1E42,?,?,?,00007FF6AC3C1E7F,?,?,00000000,00007FF6AC3C2345,?,?,?,00007FF6AC3C2277), ref: 00007FF6AC3B9E2E
                                                                                                                                                                                    • Part of subcall function 00007FF6AC3B9E18: GetLastError.KERNEL32(?,?,?,00007FF6AC3C1E42,?,?,?,00007FF6AC3C1E7F,?,?,00000000,00007FF6AC3C2345,?,?,?,00007FF6AC3C2277), ref: 00007FF6AC3B9E38
                                                                                                                                                                                  • GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF6AC3C532C), ref: 00007FF6AC3C5113
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
                                                                                                                                                                                  • String ID: Eastern Standard Time$Eastern Summer Time
                                                                                                                                                                                  • API String ID: 3458911817-239921721
                                                                                                                                                                                  • Opcode ID: 8dda7e1bb43cce3069c61b2343a9d469707a009ccb87a98b23344d3931a91aef
                                                                                                                                                                                  • Instruction ID: 199a3eda209a89f49821e3af6857395eb80d358e9ca250c8ad1c061ad6b30fc0
                                                                                                                                                                                  • Opcode Fuzzy Hash: 8dda7e1bb43cce3069c61b2343a9d469707a009ccb87a98b23344d3931a91aef
                                                                                                                                                                                  • Instruction Fuzzy Hash: E8519032A1EE5286EB20DF21E9809BD77A0FB89784F444136EA5DC7696DF3CF4058B40

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: _fread_nolock$Message_invalid_parameter_noinfo
                                                                                                                                                                                  • String ID: Cannot read Table of Contents.$Could not allocate buffer for TOC!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$fread$fseek$malloc
                                                                                                                                                                                  • API String ID: 2153230061-4158440160
                                                                                                                                                                                  • Opcode ID: ff03c8c8365038d74c317ea0cb150b0183cf08cfb18117a7f9405f0f5490d7da
                                                                                                                                                                                  • Instruction ID: 9d3393dee066e7bf30e202c97db6a49474b973522f7fa964824320fd6b2b481c
                                                                                                                                                                                  • Opcode Fuzzy Hash: ff03c8c8365038d74c317ea0cb150b0183cf08cfb18117a7f9405f0f5490d7da
                                                                                                                                                                                  • Instruction Fuzzy Hash: 66515972A0BE0686EF54DF28D490A7C33A0EB88B48B518139DA0DC7799DF3DE564CB44

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  Strings
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Message
                                                                                                                                                                                  • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                  • API String ID: 2030045667-3659356012
                                                                                                                                                                                  • Opcode ID: ecaa5d24d00795e9150110cd280845f792f9d522939ad738a243ebe9a06bca30
                                                                                                                                                                                  • Instruction ID: 37fd414c80ace0fa6405042764967b9ba70b4380ddc30f2c58b9d4b512fb60be
                                                                                                                                                                                  • Opcode Fuzzy Hash: ecaa5d24d00795e9150110cd280845f792f9d522939ad738a243ebe9a06bca30
                                                                                                                                                                                  • Instruction Fuzzy Hash: 8441A161B0AE5282EE24DB15E440ABAB7A0FF84794F444432DF4D87B95EE3EE556C700

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  APIs
                                                                                                                                                                                    • Part of subcall function 00007FF6AC3A3BA0: GetModuleFileNameW.KERNEL32(?,00007FF6AC3A3699), ref: 00007FF6AC3A3BD1
                                                                                                                                                                                  • SetDllDirectoryW.KERNEL32 ref: 00007FF6AC3A38A5
                                                                                                                                                                                    • Part of subcall function 00007FF6AC3A6990: GetEnvironmentVariableW.KERNEL32(00007FF6AC3A36E7), ref: 00007FF6AC3A69CA
                                                                                                                                                                                    • Part of subcall function 00007FF6AC3A6990: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF6AC3A69E7
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809564483.00007FF6AC3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AC3A0000, based on PE: true
• Associated: 00000002.00000002.2809537100.00007FF6AC3A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2809584515.00007FF6AC3CA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2809605761.00007FF6AC3DD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2809605761.00007FF6AC3E0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2809605761.00007FF6AC3EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2809661489.00007FF6AC3EE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6ac3a0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Environment$DirectoryExpandFileModuleNameStringsVariable
                                                                                                                                                                                  • String ID: Cannot open PyInstaller archive from executable (%s) or external archive (%s)$Cannot side-load external archive %s (code %d)!$Failed to convert DLL search path!$MEI$_MEIPASS2$_PYI_ONEDIR_MODE
                                                                                                                                                                                  • API String ID: 2344891160-3602715111
                                                                                                                                                                                  • Opcode ID: 8112d3d585c797d6373512e27b0d923afc52f30f080197f56f8e373327622072
                                                                                                                                                                                  • Instruction ID: 9c572362e3c61a1c7dee99a034b7ed572ae41953a1f4c78e0a5119f3482c3585
                                                                                                                                                                                  • Opcode Fuzzy Hash: 8112d3d585c797d6373512e27b0d923afc52f30f080197f56f8e373327622072
                                                                                                                                                                                  • Instruction Fuzzy Hash: F6B1C562B1FE8351EEA4AB25D850AFD6390BFC4784F404135EA4DC7696EF2EE5248740

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809564483.00007FF6AC3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AC3A0000, based on PE: true
• Associated: 00000002.00000002.2809537100.00007FF6AC3A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2809584515.00007FF6AC3CA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2809605761.00007FF6AC3DD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2809605761.00007FF6AC3E0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2809605761.00007FF6AC3EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2809661489.00007FF6AC3EE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6ac3a0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Message
                                                                                                                                                                                  • String ID: 1.2.13$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
                                                                                                                                                                                  • API String ID: 2030045667-1655038675
                                                                                                                                                                                  • Opcode ID: f1c4074ec0abc5802172eef40d2d49a059c0678c18db7c2d1415d9d62a531baa
                                                                                                                                                                                  • Instruction ID: c41fd381014a871dacebe093299bce554cab7aa453d30f96d7df32b636ad40a3
                                                                                                                                                                                  • Opcode Fuzzy Hash: f1c4074ec0abc5802172eef40d2d49a059c0678c18db7c2d1415d9d62a531baa
                                                                                                                                                                                  • Instruction Fuzzy Hash: 1851CE22A0EE8285EE609B51E440BBA73A0FBC4794F444131DE4DC778AEF3EE565C740

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809564483.00007FF6AC3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AC3A0000, based on PE: true
• Associated: 00000002.00000002.2809537100.00007FF6AC3A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2809584515.00007FF6AC3CA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2809605761.00007FF6AC3DD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2809605761.00007FF6AC3E0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2809605761.00007FF6AC3EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2809661489.00007FF6AC3EE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6ac3a0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                                  • Opcode ID: 6f2067f9e2b798d7e4aa60285487f192dd8020c4dcad372bd04a148e1f9d7242
                                                                                                                                                                                  • Instruction ID: 8e70a676c943fcbff58d1045c34dbd5d7d7effde0178d546c88f796cc99649c3
                                                                                                                                                                                  • Opcode Fuzzy Hash: 6f2067f9e2b798d7e4aa60285487f192dd8020c4dcad372bd04a148e1f9d7242
                                                                                                                                                                                  • Instruction Fuzzy Hash: 1DC1F222A0EF8691EB609B15A440ABE7BA4FF81BC4F550131DA4E87793CF7CE859C340

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809564483.00007FF6AC3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AC3A0000, based on PE: true
• Associated: 00000002.00000002.2809537100.00007FF6AC3A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2809584515.00007FF6AC3CA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2809605761.00007FF6AC3DD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2809605761.00007FF6AC3E0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2809605761.00007FF6AC3EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2809661489.00007FF6AC3EE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6ac3a0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: _get_daylight$_isindst
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 4170891091-0
                                                                                                                                                                                  • Opcode ID: d5d13d1c94d14ccfec0c44e7243bbda22246c77cf8c41a11f0b86d98f8b3a05c
                                                                                                                                                                                  • Instruction ID: 9bb3ce0bc6649c0ff61081f3c26de5c19ba3dbcaf3681efe5d3b85329b724380
                                                                                                                                                                                  • Opcode Fuzzy Hash: d5d13d1c94d14ccfec0c44e7243bbda22246c77cf8c41a11f0b86d98f8b3a05c
                                                                                                                                                                                  • Instruction Fuzzy Hash: 0B51F572F06E218AFB14DB6C9951ABC27A5BF41358F544235ED2ED2AE6DF38E4128700

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809564483.00007FF6AC3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AC3A0000, based on PE: true
• Associated: 00000002.00000002.2809537100.00007FF6AC3A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2809584515.00007FF6AC3CA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2809605761.00007FF6AC3DD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2809605761.00007FF6AC3E0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2809605761.00007FF6AC3EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2809661489.00007FF6AC3EE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6ac3a0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: File$ErrorHandleInformationLastNamedPeekPipeType
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2780335769-0
                                                                                                                                                                                  • Opcode ID: 1c70a69b05d9cb3f6248f84cd75ebf1bef0caf7e7cf88daad42b4853df974b62
                                                                                                                                                                                  • Instruction ID: 1d71dc3a339da97d5c6fdff92c854d205d3fe9a06c6c031f9d5f54cd1d0696c4
                                                                                                                                                                                  • Opcode Fuzzy Hash: 1c70a69b05d9cb3f6248f84cd75ebf1bef0caf7e7cf88daad42b4853df974b62
                                                                                                                                                                                  • Instruction Fuzzy Hash: 47518D22E1AF519AFB10DFB4D4507BD33A1AB48B98F108534DE4DD768ADF38D8558708

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809564483.00007FF6AC3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AC3A0000, based on PE: true
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1452418845-0
                                                                                                                                                                                  • Opcode ID: 90a7fcc3a81af5bf04ad81541e301d7d9fb9f11ea0fdd18d74326f9016f6428e
                                                                                                                                                                                  • Instruction ID: a18026f9750b1ae54b0d32700fabecac24ee55e6e0dbada8f4e7915a411e1935
                                                                                                                                                                                  • Opcode Fuzzy Hash: 90a7fcc3a81af5bf04ad81541e301d7d9fb9f11ea0fdd18d74326f9016f6428e
                                                                                                                                                                                  • Instruction Fuzzy Hash: 53313831E0EE0745FE54AB659415BBD2391AFD1388F844035E94EDB2E3DE6EF8258341
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809564483.00007FF6AC3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AC3A0000, based on PE: true
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: CloseCreateFileHandle_invalid_parameter_noinfo
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1279662727-0
                                                                                                                                                                                  • Opcode ID: aa6a3d9890cc6a7f195a6e990ba186583f2f0d5ddde8471eaaef5ef51b0941e7
                                                                                                                                                                                  • Instruction ID: a66cc8ae0bf08afb556e9538774326b736136abb750bfc5337634b89efcf47f2
                                                                                                                                                                                  • Opcode Fuzzy Hash: aa6a3d9890cc6a7f195a6e990ba186583f2f0d5ddde8471eaaef5ef51b0941e7
                                                                                                                                                                                  • Instruction Fuzzy Hash: 3341D222E19F9293E7148B20950177963A0FF957A4F109334EAAC83AD6DF6CE9E08704
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809564483.00007FF6AC3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AC3A0000, based on PE: true
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                                  • Opcode ID: bd665411d6c8cb657e02e9163d495b47fe1eb31481a6a537198dee777c004d3e
                                                                                                                                                                                  • Instruction ID: c8e5e8fc41df6592979de64a2df36978e62de908288002dc9614320003f17bca
                                                                                                                                                                                  • Opcode Fuzzy Hash: bd665411d6c8cb657e02e9163d495b47fe1eb31481a6a537198dee777c004d3e
                                                                                                                                                                                  • Instruction Fuzzy Hash: 4551A661B0BE5286EF68DE259400E7E6291AFC8BA8F144734DD6DC77C6CF3ED4218604
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • SetFilePointerEx.KERNEL32(?,?,?,?,00000000,00007FF6AC3BB79D), ref: 00007FF6AC3BB650
                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,00000000,00007FF6AC3BB79D), ref: 00007FF6AC3BB65A
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809564483.00007FF6AC3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AC3A0000, based on PE: true
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ErrorFileLastPointer
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2976181284-0
                                                                                                                                                                                  • Opcode ID: ff2257711b1d275b862e663729d543ef4812b290fbf882e2e1232765a84f7875
                                                                                                                                                                                  • Instruction ID: 3ac490a3fe910bc44f00465804c4a1b919f3fd65b69144128aaecca95d4f009f
                                                                                                                                                                                  • Opcode Fuzzy Hash: ff2257711b1d275b862e663729d543ef4812b290fbf882e2e1232765a84f7875
                                                                                                                                                                                  • Instruction Fuzzy Hash: 5611C162A19F9281DA108B25F40466DA361BB45BF8F544331EE7D877EADF7CE4158700
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6AC3B4891), ref: 00007FF6AC3B49AF
                                                                                                                                                                                  • SystemTimeToTzSpecificLocalTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6AC3B4891), ref: 00007FF6AC3B49C5
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809564483.00007FF6AC3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AC3A0000, based on PE: true
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Time$System$FileLocalSpecific
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1707611234-0
                                                                                                                                                                                  • Opcode ID: 42d85f7bbfb38a33647f37402af2049ec243a38652db21839daf1665d9964160
                                                                                                                                                                                  • Instruction ID: 704bd9f9ad7bf416a1ebfac1878be622a0e658960dd6a6c6d96f950ac4900032
                                                                                                                                                                                  • Opcode Fuzzy Hash: 42d85f7bbfb38a33647f37402af2049ec243a38652db21839daf1665d9964160
                                                                                                                                                                                  • Instruction Fuzzy Hash: 5B11AC7260DE5282EB648B15A45147EB7A0FB85771F500235FAAEC1AE8EF2CE458CF04
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • CloseHandle.KERNEL32(?,?,?,00007FF6AC3B9EA5,?,?,00000000,00007FF6AC3B9F5A), ref: 00007FF6AC3BA096
                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,00007FF6AC3B9EA5,?,?,00000000,00007FF6AC3B9F5A), ref: 00007FF6AC3BA0A0
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809564483.00007FF6AC3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AC3A0000, based on PE: true
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: CloseErrorHandleLast
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 918212764-0
                                                                                                                                                                                  • Opcode ID: 649148bb364a2e2bb6c01b4b98e8ba63ccdb9764b03dbbc10b4a89a301f042aa
                                                                                                                                                                                  • Instruction ID: 6574dd25c5ca11d618665256fd0d096660c7179c27e6c8d06c882507d97e9acc
                                                                                                                                                                                  • Opcode Fuzzy Hash: 649148bb364a2e2bb6c01b4b98e8ba63ccdb9764b03dbbc10b4a89a301f042aa
                                                                                                                                                                                  • Instruction Fuzzy Hash: EF21B421F1EE8241FE549766E594BBD12A1AF84BE4F044235EA2ED77C7CE6CE8458300
                                                                                                                                                                                  APIs
Memory Dump Source
• Source File: 00000002.00000002.2809564483.00007FF6AC3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AC3A0000, based on PE: true
• Associated: 00000002.00000002.2809537100.00007FF6AC3A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2809584515.00007FF6AC3CA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2809605761.00007FF6AC3DD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2809605761.00007FF6AC3E0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2809605761.00007FF6AC3EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2809661489.00007FF6AC3EE000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff6ac3a0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: _fread_nolock
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 840049012-0
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                                  APIs
                                                                                                                                                                                    • Part of subcall function 00007FF6AC3A7A30: MultiByteToWideChar.KERNEL32 ref: 00007FF6AC3A7A6A
                                                                                                                                                                                  • LoadLibraryExW.KERNEL32(?,?,00000000,00007FF6AC3A30BE), ref: 00007FF6AC3A71D3
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ByteCharLibraryLoadMultiWide
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2592636585-0
                                                                                                                                                                                  • Opcode ID: 63080640ee8bd5a5197bc5957a639ee791a00d05320db4a40cef4a6e5ab977c0
                                                                                                                                                                                  • Instruction ID: f27762bc4ccfee6d2fa06c963fc28b8a5ff0ae7140c90e2f1930f447145e34ff
                                                                                                                                                                                  • Opcode Fuzzy Hash: 63080640ee8bd5a5197bc5957a639ee791a00d05320db4a40cef4a6e5ab977c0
                                                                                                                                                                                  • Instruction Fuzzy Hash: 69E07D11B1994182DF089777F50187AE251AF8CFC0B088030DF0D83706CC3CD8904A00
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • HeapAlloc.KERNEL32(?,?,00000000,00007FF6AC3BA8B6,?,?,?,00007FF6AC3B9A73,?,?,00000000,00007FF6AC3B9D0E), ref: 00007FF6AC3BDD95
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809564483.00007FF6AC3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AC3A0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6ac3a0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: AllocHeap
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 4292702814-0
                                                                                                                                                                                  • Opcode ID: 2e0f3e4b2c9ccc38d96cb592f5054ed38be707e8bf6a1ab6843b3be497aa41a7
                                                                                                                                                                                  • Instruction ID: 3df31cf8be63eca3e6a0d39c95c6b4bedc5c48052276304208f4fb42957054f7
                                                                                                                                                                                  • Opcode Fuzzy Hash: 2e0f3e4b2c9ccc38d96cb592f5054ed38be707e8bf6a1ab6843b3be497aa41a7
                                                                                                                                                                                  • Instruction Fuzzy Hash: C2F09054B1BE0340FE946B669910BB506905F89B80F0C9438CE8ECE3D7DD3CE4848214
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • HeapAlloc.KERNEL32(?,?,?,00007FF6AC3AFE44,?,?,?,00007FF6AC3B1356,?,?,?,?,?,00007FF6AC3B2949), ref: 00007FF6AC3BCB0A
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809564483.00007FF6AC3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AC3A0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6ac3a0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: AllocHeap
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 4292702814-0
                                                                                                                                                                                  • Opcode ID: c69b2b415516246c39874758743c65376e97b2ba2b88f646b423658d781f7dfd
                                                                                                                                                                                  • Instruction ID: 02786e3a0025e81f49e1d8d19139bbafd1e0663cde1ad656097c39752f8acfa0
                                                                                                                                                                                  • Opcode Fuzzy Hash: c69b2b415516246c39874758743c65376e97b2ba2b88f646b423658d781f7dfd
                                                                                                                                                                                  • Instruction Fuzzy Hash: B1F0F810F1FF4745FE6496B16951E7912905F88BE0F084630DD2EDA2C3EE6CE8809210
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809564483.00007FF6AC3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AC3A0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6ac3a0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: MessageSend$Window$Create$Move$ObjectSelect$#380BaseClientDialogDrawFontIndirectInfoParametersRectReleaseSystemTextUnits
                                                                                                                                                                                  • String ID: BUTTON$Close$EDIT$Failed to execute script '%ls' due to unhandled exception: %ls$STATIC
                                                                                                                                                                                  • API String ID: 2446303242-1601438679
                                                                                                                                                                                  • Opcode ID: 47b3578659853d453a5822a751c8e2f63cfdf798862dd1eeebf7592aa26dc86d
                                                                                                                                                                                  • Instruction ID: 76b667236f6e02c8566f6284a3ecd23432f31bf332817a440f7bec2995346f69
                                                                                                                                                                                  • Opcode Fuzzy Hash: 47b3578659853d453a5822a751c8e2f63cfdf798862dd1eeebf7592aa26dc86d
                                                                                                                                                                                  • Instruction Fuzzy Hash: 1FA15836219F9187E7148F22E558B9EB360F788B94F50412AEB8D53B24CF7DE169CB40
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809852036.00007FFB0B61D000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFB0B580000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b580000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: strspn$strncmp$strcspn
                                                                                                                                                                                  • String ID: $ $ ,$..\s\crypto\pem\pem_lib.c$DEK-Info:$ENCRYPTED$Expecting: $Proc-Type:
                                                                                                                                                                                  • API String ID: 232339659-387852012
                                                                                                                                                                                  • Opcode ID: b2386659ece4750fe9ae2feafc8bf0e5dcd1e9a7885b3b152f0499a308c9a428
                                                                                                                                                                                  • Instruction ID: a2abb7f2dc29f4e0be1d16fe129f7413027d87905d3265e1d33f50be338cfc0f
                                                                                                                                                                                  • Opcode Fuzzy Hash: b2386659ece4750fe9ae2feafc8bf0e5dcd1e9a7885b3b152f0499a308c9a428
                                                                                                                                                                                  • Instruction Fuzzy Hash: 71F16EE6B0864685FB18CB71D450EB927A1BB44B88F448071DA4F977B6EF3CE906C740
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  • O!O|OO:callback, xrefs: 00007FFB1BA4BA72
                                                                                                                                                                                  • FFI_TRAMPOLINE_SIZE too small in c/libffi_x86_x64\ffi.c, xrefs: 00007FFB1BA4BD53
                                                                                                                                                                                  • libffi failed to build this callback, xrefs: 00007FFB1BA4BDB1
                                                                                                                                                                                  • %s: callback with unsupported argument or return type or with '...', xrefs: 00007FFB1BA4BC55
                                                                                                                                                                                  • Cannot allocate write+execute memory for ffi.callback(). You might be running on a system that prevents this. For more information, see https://cffi.readthedocs.io/en/latest/using.html#callbacks, xrefs: 00007FFB1BA4BBCA
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2812746719.00007FFB1BA41000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFB1BA40000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb1ba40000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Err_$Dealloc$FormatObject_String$AllocArg_ErrorFatalInfoParseSizeSystemTrackTuple_Virtual
                                                                                                                                                                                  • String ID: %s: callback with unsupported argument or return type or with '...'$Cannot allocate write+execute memory for ffi.callback(). You might be running on a system that prevents this. For more information, see https://cffi.readthedocs.io/en/latest/using.html#callbacks$FFI_TRAMPOLINE_SIZE too small in c/libffi_x86_x64\ffi.c$O!O|OO:callback$libffi failed to build this callback
                                                                                                                                                                                  • API String ID: 1427098410-3074636352
                                                                                                                                                                                  • Opcode ID: 4d6efd42e0ab16b5c5de2bf7890b0b70e3dd8549cecdcf3af63d4dd1d6f40a84
                                                                                                                                                                                  • Instruction ID: 6fae6450110411774411d70a2fdb8d8547412b44968e8d84946fa5ad5836d320
                                                                                                                                                                                  • Opcode Fuzzy Hash: 4d6efd42e0ab16b5c5de2bf7890b0b70e3dd8549cecdcf3af63d4dd1d6f40a84
                                                                                                                                                                                  • Instruction Fuzzy Hash: 8BB15FA6A29F4281EA148F35E84467873A6FB89BA4F48A236C94D83774EF3CD545C700
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809852036.00007FFB0B581000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFB0B580000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b580000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ByteCharMultiWide_errno$FileFind$ErrorFirstLastNextfreemallocmemset
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3372420414-0
                                                                                                                                                                                  • Opcode ID: b84a2f744cee5a13916b1079a4c81b9897484e08d179ab741295abe408a7cb8c
                                                                                                                                                                                  • Instruction ID: 13c638e3fb6bddd7dd8406f17445bb52354edf14565fc8852dbd954ad213564b
                                                                                                                                                                                  • Opcode Fuzzy Hash: b84a2f744cee5a13916b1079a4c81b9897484e08d179ab741295abe408a7cb8c
                                                                                                                                                                                  • Instruction Fuzzy Hash: A3B180A2A04B8286EB248F75D854A7977A4FF49BA4F448235DB5E937F4EF3CE1418304
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809852036.00007FFB0B581000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFB0B580000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b580000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: EnvironmentVariable$ByteCharMultiWide
                                                                                                                                                                                  • String ID: .rnd$HOME$RANDFILE$SYSTEMROOT$USERPROFILE
                                                                                                                                                                                  • API String ID: 2184640988-1666712896
                                                                                                                                                                                  • Opcode ID: 419c88fdedd40b7a4bd6282dbefca93637e627fdfe4ba8766129e23dca955196
                                                                                                                                                                                  • Instruction ID: 261248a46e6c4a3e98a635aa84c8b11c3380a00403432539886663e813998cd3
                                                                                                                                                                                  • Opcode Fuzzy Hash: 419c88fdedd40b7a4bd6282dbefca93637e627fdfe4ba8766129e23dca955196
                                                                                                                                                                                  • Instruction Fuzzy Hash: FF61B1A2708B9289EB249F31E95097976A1FB59BA4B44C231DE5E837F4DF3DE4058300
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809852036.00007FFB0B581000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFB0B580000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b580000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 313767242-0
                                                                                                                                                                                  • Opcode ID: 836932d6aed314119f7ddbe256598baef3b0bd20caf5fb751809a6c17d89e7ea
                                                                                                                                                                                  • Instruction ID: b503eedc09f1379d63280fd3c4b41d0b5c6c7912f36a888ded8e80e8d88d5e5a
                                                                                                                                                                                  • Opcode Fuzzy Hash: 836932d6aed314119f7ddbe256598baef3b0bd20caf5fb751809a6c17d89e7ea
                                                                                                                                                                                  • Instruction Fuzzy Hash: 313121B2609B8186EB609F70E850BED7365FB94784F44843ADA4E87AE5DF38D548C710
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • GetTempPathW.KERNEL32(?,00000000,?,00007FF6AC3A674D), ref: 00007FF6AC3A681A
                                                                                                                                                                                    • Part of subcall function 00007FF6AC3A6990: GetEnvironmentVariableW.KERNEL32(00007FF6AC3A36E7), ref: 00007FF6AC3A69CA
                                                                                                                                                                                    • Part of subcall function 00007FF6AC3A6990: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF6AC3A69E7
                                                                                                                                                                                    • Part of subcall function 00007FF6AC3B66B4: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6AC3B66CD
                                                                                                                                                                                  • SetEnvironmentVariableW.KERNEL32(?,TokenIntegrityLevel), ref: 00007FF6AC3A68D1
                                                                                                                                                                                    • Part of subcall function 00007FF6AC3A2770: MessageBoxW.USER32 ref: 00007FF6AC3A2841
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809564483.00007FF6AC3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AC3A0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6ac3a0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Environment$Variable$ExpandMessagePathStringsTemp_invalid_parameter_noinfo
                                                                                                                                                                                  • String ID: LOADER: Failed to set the TMP environment variable.$TMP$TMP$_MEI%d
                                                                                                                                                                                  • API String ID: 3752271684-1116378104
                                                                                                                                                                                  • Opcode ID: b4ad522e37175ac7074a900ecec4c645a4870e05ba81b0992846085732047fb7
                                                                                                                                                                                  • Instruction ID: 771f94bf6903326e28b6dcbc28028c187b3cdbc6b5cf88d7bd687b22365bf28a
                                                                                                                                                                                  • Opcode Fuzzy Hash: b4ad522e37175ac7074a900ecec4c645a4870e05ba81b0992846085732047fb7
                                                                                                                                                                                  • Instruction Fuzzy Hash: D251CE25F1FE5290FE58BB36A955AFA52619F89BC0F444034EC0EC7B87ED2EE4028700
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809564483.00007FF6AC3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AC3A0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6ac3a0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3140674995-0
                                                                                                                                                                                  • Opcode ID: 24fff5600ca101af0e2334446d678d156eb325a0e0e0c0538aba544f51e330ab
                                                                                                                                                                                  • Instruction ID: 24b0954c82c19e4e0903b3e33a8d032daa5869af6c5c784926ccef3b80992f59
                                                                                                                                                                                  • Opcode Fuzzy Hash: 24fff5600ca101af0e2334446d678d156eb325a0e0e0c0538aba544f51e330ab
                                                                                                                                                                                  • Instruction Fuzzy Hash: BC31527260AF818AEB609F60E884BED7364FB84748F444439DA4D97B94DF3DD558C710
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809564483.00007FF6AC3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AC3A0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6ac3a0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1239891234-0
                                                                                                                                                                                  • Opcode ID: 4204087c2144b4154cc610f07160e172692864cccd6c23e577d201b1c5d7dbdf
                                                                                                                                                                                  • Instruction ID: 7323c498cb5faac51cd5596734aec1f951bf737db29724f39d90caaeeac96feb
                                                                                                                                                                                  • Opcode Fuzzy Hash: 4204087c2144b4154cc610f07160e172692864cccd6c23e577d201b1c5d7dbdf
                                                                                                                                                                                  • Instruction Fuzzy Hash: CE316032A19F8186DB60CF25E8406EE73A4FB88758F500135EA8D83BA5DF3DD559CB40
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809564483.00007FF6AC3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AC3A0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6ac3a0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: FileFindFirst_invalid_parameter_noinfo
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2227656907-0
                                                                                                                                                                                  • Opcode ID: 0bdd7a8416f1e28eb8c09c6b5c037a8b7871395a979be626bc7410ef92a9cb5d
                                                                                                                                                                                  • Instruction ID: 853903cc626026690940bfc31f6be6d4da3c07a907187b08162378f752146226
                                                                                                                                                                                  • Opcode Fuzzy Hash: 0bdd7a8416f1e28eb8c09c6b5c037a8b7871395a979be626bc7410ef92a9cb5d
                                                                                                                                                                                  • Instruction Fuzzy Hash: 54B1C426B1EEE241EA60DB25D404ABD63A0EB54BE4F445132EE5E9BBC5DE3CF449C700
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809852036.00007FFB0B581000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFB0B580000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b580000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: memmove$memset
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3790616698-0
                                                                                                                                                                                  • Opcode ID: 51b66f021cd6887e2f3166c0257dd0c7f3025c7e02eaaa6dc68159711c9c4620
                                                                                                                                                                                  • Instruction ID: b4f31f7d3f6b94b41d504351fcdd1d0c39277005dc4eb653f7056e24aec7a391
                                                                                                                                                                                  • Opcode Fuzzy Hash: 51b66f021cd6887e2f3166c0257dd0c7f3025c7e02eaaa6dc68159711c9c4620
                                                                                                                                                                                  • Instruction Fuzzy Hash: 2251E472B1DB8586DA10CB26E44066EBBA4FB49BD4F458135EE9E477B5CE3CD105C700
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809852036.00007FFB0B581000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFB0B580000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b580000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ErrorLastbind
                                                                                                                                                                                  • String ID: ..\s\crypto\bio\b_sock2.c
                                                                                                                                                                                  • API String ID: 2328862993-3200932406
                                                                                                                                                                                  • Opcode ID: c767e834a84740a79c233dcad0d39ea44b2e2a28cfc1136448b175a4500b188a
                                                                                                                                                                                  • Instruction ID: 726ea03e6667364605a9d740ec076afcdd9f6a4b192e9430bf65a6d9bce4a0a8
                                                                                                                                                                                  • Opcode Fuzzy Hash: c767e834a84740a79c233dcad0d39ea44b2e2a28cfc1136448b175a4500b188a
                                                                                                                                                                                  • Instruction Fuzzy Hash: FF2162B1B1855286E710DB35E800AAE7760FB84B84F408135EA5E97BEADF3DE545DB00
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809692579.00007FFB0B4E1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFB0B4E0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b4e0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: InfoLocale___lc_locale_name_func__crt
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2625200093-0
                                                                                                                                                                                  • Opcode ID: 452bc398865e805a221a8c6e4f8b9859baf2ce5d8fdd9b436033a1a2ba9836ed
                                                                                                                                                                                  • Instruction ID: a068973cdabc85f3a36100d01b8e21910309a2248ee30ccbae10f0a348e24d08
                                                                                                                                                                                  • Opcode Fuzzy Hash: 452bc398865e805a221a8c6e4f8b9859baf2ce5d8fdd9b436033a1a2ba9836ed
                                                                                                                                                                                  • Instruction Fuzzy Hash: 99F0A7B6A3834647D7649B64D0E0EA83360EB48710FC08435ED4B822AACB28D9CACA00
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809852036.00007FFB0B581000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFB0B580000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b580000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 6d58eeaf8cd2fa5640d15759ddfc5afba554c71bdb7935a9bc8fe32cedcf6388
                                                                                                                                                                                  • Instruction ID: d1792ff1c28a5612bc44f0791e9e12f780018d5a8fb9531bd2d747f9176e9884
                                                                                                                                                                                  • Opcode Fuzzy Hash: 6d58eeaf8cd2fa5640d15759ddfc5afba554c71bdb7935a9bc8fe32cedcf6388
                                                                                                                                                                                  • Instruction Fuzzy Hash: 2DF0E9723283E105C755CA36A808F596DD59391BC8F16C030E90DD3F64E92ED5018B40
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809852036.00007FFB0B581000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFB0B580000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b580000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 8b647e036b0e5ae8a118200442eb522906dc17efbe743a2891263b2f3e414abb
                                                                                                                                                                                  • Instruction ID: 59098e5cb65b2adee5deb918a8d557e4b3f9b709379ee563081faf7d9af814d1
                                                                                                                                                                                  • Opcode Fuzzy Hash: 8b647e036b0e5ae8a118200442eb522906dc17efbe743a2891263b2f3e414abb
                                                                                                                                                                                  • Instruction Fuzzy Hash: 6EE0DFB37183A405D756CA336918E69AA90A714B89F43C030A90ED3BA5EC2EC702CB40
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809564483.00007FF6AC3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AC3A0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6ac3a0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: AddressProc
                                                                                                                                                                                  • String ID: Failed to get address for PyDict_GetItemString$Failed to get address for PyErr_Clear$Failed to get address for PyErr_Fetch$Failed to get address for PyErr_NormalizeException$Failed to get address for PyErr_Occurred$Failed to get address for PyErr_Print$Failed to get address for PyErr_Restore$Failed to get address for PyEval_EvalCode$Failed to get address for PyImport_AddModule$Failed to get address for PyImport_ExecCodeModule$Failed to get address for PyImport_ImportModule$Failed to get address for PyList_Append$Failed to get address for PyList_New$Failed to get address for PyLong_AsLong$Failed to get address for PyMarshal_ReadObjectFromString$Failed to get address for PyMem_RawFree$Failed to get address for PyModule_GetDict$Failed to get address for PyObject_CallFunction$Failed to get address for PyObject_CallFunctionObjArgs$Failed to get address for PyObject_GetAttrString$Failed to get address for PyObject_SetAttrString$Failed to get address for PyObject_Str$Failed to get address for PyRun_SimpleStringFlags$Failed to get address for PySys_AddWarnOption$Failed to get address for PySys_GetObject$Failed to get address for PySys_SetArgvEx$Failed to get address for PySys_SetObject$Failed to get address for PySys_SetPath$Failed to get address for PyUnicode_AsUTF8$Failed to get address for PyUnicode_Decode$Failed to get address for PyUnicode_DecodeFSDefault$Failed to get address for PyUnicode_FromFormat$Failed to get address for PyUnicode_FromString$Failed to get address for PyUnicode_Join$Failed to get address for PyUnicode_Replace$Failed to get address for Py_BuildValue$Failed to get address for Py_DecRef$Failed to get address for Py_DecodeLocale$Failed to get address for Py_DontWriteBytecodeFlag$Failed to get address for Py_FileSystemDefaultEncoding$Failed to get address for Py_Finalize$Failed to get address for Py_FrozenFlag$Failed to get address for Py_GetPath$Failed to get address for Py_IgnoreEnvironmentFlag$Failed to get address for Py_IncRef$Failed to get address for Py_Initialize$Failed to get address for Py_NoSiteFlag$Failed to get address for Py_NoUserSiteDirectory$Failed to get address for Py_OptimizeFlag$Failed to get address for Py_SetPath$Failed to get address for Py_SetProgramName$Failed to get address for Py_SetPythonHome$Failed to get address for Py_UTF8Mode$Failed to get address for Py_UnbufferedStdioFlag$Failed to get address for Py_VerboseFlag$GetProcAddress$PyDict_GetItemString$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyList_Append$PyList_New$PyLong_AsLong$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyRun_SimpleStringFlags$PySys_AddWarnOption$PySys_GetObject$PySys_SetArgvEx$PySys_SetObject$PySys_SetPath$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_BuildValue$Py_DecRef$Py_DecodeLocale$Py_DontWriteBytecodeFlag$Py_FileSystemDefaultEncoding$Py_Finalize$Py_FrozenFlag$Py_GetPath$Py_IgnoreEnvironmentFlag$Py_IncRef$Py_Initialize$Py_NoSiteFlag$Py_NoUserSiteDirectory$Py_OptimizeFlag$Py_SetPath$Py_SetProgramName$Py_SetPythonHome$Py_UTF8Mode$Py_UnbufferedStdioFlag$Py_VerboseFlag
                                                                                                                                                                                  • API String ID: 190572456-3109299426
                                                                                                                                                                                  • Opcode ID: 67747be8a076f706c1c9372e7d2496993eaa02b7082083ef588a9e8b618be952
                                                                                                                                                                                  • Instruction ID: 391aea9f088292cacc0b3b88ba1d5d09cc78896363549ae08ddefb5438f35367
                                                                                                                                                                                  • Opcode Fuzzy Hash: 67747be8a076f706c1c9372e7d2496993eaa02b7082083ef588a9e8b618be952
                                                                                                                                                                                  • Instruction Fuzzy Hash: AC42C164A0FF2791FE95CB09B854DB823A5AF94789B846436C90E86364FF7DF56CC200
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809564483.00007FF6AC3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AC3A0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6ac3a0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: AddressProc$LibraryLoad
                                                                                                                                                                                  • String ID: Failed to get address for Tcl_Alloc$Failed to get address for Tcl_ConditionFinalize$Failed to get address for Tcl_ConditionNotify$Failed to get address for Tcl_ConditionWait$Failed to get address for Tcl_CreateInterp$Failed to get address for Tcl_CreateObjCommand$Failed to get address for Tcl_CreateThread$Failed to get address for Tcl_DeleteInterp$Failed to get address for Tcl_DoOneEvent$Failed to get address for Tcl_EvalEx$Failed to get address for Tcl_EvalFile$Failed to get address for Tcl_EvalObjv$Failed to get address for Tcl_Finalize$Failed to get address for Tcl_FinalizeThread$Failed to get address for Tcl_FindExecutable$Failed to get address for Tcl_Free$Failed to get address for Tcl_GetCurrentThread$Failed to get address for Tcl_GetObjResult$Failed to get address for Tcl_GetString$Failed to get address for Tcl_GetVar2$Failed to get address for Tcl_Init$Failed to get address for Tcl_MutexLock$Failed to get address for Tcl_MutexUnlock$Failed to get address for Tcl_NewByteArrayObj$Failed to get address for Tcl_NewStringObj$Failed to get address for Tcl_SetVar2$Failed to get address for Tcl_SetVar2Ex$Failed to get address for Tcl_ThreadAlert$Failed to get address for Tcl_ThreadQueueEvent$Failed to get address for Tk_GetNumMainWindows$Failed to get address for Tk_Init$GetProcAddress$LOADER: Failed to load tcl/tk libraries$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
                                                                                                                                                                                  • API String ID: 2238633743-1453502826
                                                                                                                                                                                  • Opcode ID: f7c8ee974489954c5cd6f430076d10814794685a81879c16293a8bddc0af0375
                                                                                                                                                                                  • Instruction ID: 3665cf10fbb949818df7f78578bed1917b28374c9a7bc214c13ad388619a5799
                                                                                                                                                                                  • Opcode Fuzzy Hash: f7c8ee974489954c5cd6f430076d10814794685a81879c16293a8bddc0af0375
                                                                                                                                                                                  • Instruction Fuzzy Hash: 39E1B3B4A0FF2390FE55CB05B9549B823A5BF89794B846035C80E963A8EF7DF56D8310
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00007FFB0B734B53,?,?,?,?,?,?,?,?,00007FFB0B732B8B), ref: 00007FFB0B733F61
                                                                                                                                                                                  • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00007FFB0B734B53,?,?,?,?,?,?,?,?,00007FFB0B732B8B), ref: 00007FFB0B733F78
                                                                                                                                                                                  • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00007FFB0B734B53,?,?,?,?,?,?,?,?,00007FFB0B732B8B), ref: 00007FFB0B733F8F
                                                                                                                                                                                  • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00007FFB0B734B53,?,?,?,?,?,?,?,?,00007FFB0B732B8B), ref: 00007FFB0B733FC2
                                                                                                                                                                                  • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00007FFB0B734B53,?,?,?,?,?,?,?,?,00007FFB0B732B8B), ref: 00007FFB0B73400B
                                                                                                                                                                                  • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00007FFB0B734B53,?,?,?,?,?,?,?,?,00007FFB0B732B8B), ref: 00007FFB0B73403F
                                                                                                                                                                                  • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00007FFB0B734B53,?,?,?,?,?,?,?,?,00007FFB0B732B8B), ref: 00007FFB0B734091
                                                                                                                                                                                  • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00007FFB0B734B53,?,?,?,?,?,?,?,?,00007FFB0B732B8B), ref: 00007FFB0B7340A4
                                                                                                                                                                                  • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00007FFB0B734B53,?,?,?,?,?,?,?,?,00007FFB0B732B8B), ref: 00007FFB0B7340BB
                                                                                                                                                                                  • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00007FFB0B734B53,?,?,?,?,?,?,?,?,00007FFB0B732B8B), ref: 00007FFB0B7340CE
                                                                                                                                                                                  • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00007FFB0B734B53,?,?,?,?,?,?,?,?,00007FFB0B732B8B), ref: 00007FFB0B7340E5
                                                                                                                                                                                  • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00007FFB0B734B53,?,?,?,?,?,?,?,?,00007FFB0B732B8B), ref: 00007FFB0B7340F8
                                                                                                                                                                                  • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00007FFB0B734B53,?,?,?,?,?,?,?,?,00007FFB0B732B8B), ref: 00007FFB0B73410F
                                                                                                                                                                                  • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00007FFB0B734B53,?,?,?,?,?,?,?,?,00007FFB0B732B8B), ref: 00007FFB0B734122
                                                                                                                                                                                  • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00007FFB0B734B53,?,?,?,?,?,?,?,?,00007FFB0B732B8B), ref: 00007FFB0B734135
                                                                                                                                                                                  • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00007FFB0B734B53,?,?,?,?,?,?,?,?,00007FFB0B732B8B), ref: 00007FFB0B734148
                                                                                                                                                                                  • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00007FFB0B734B53,?,?,?,?,?,?,?,?,00007FFB0B732B8B), ref: 00007FFB0B73415B
                                                                                                                                                                                  • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00007FFB0B734B53,?,?,?,?,?,?,?,?,00007FFB0B732B8B), ref: 00007FFB0B7341A7
                                                                                                                                                                                  • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00007FFB0B734B53,?,?,?,?,?,?,?,?,00007FFB0B732B8B), ref: 00007FFB0B7341D2
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809852036.00007FFB0B61D000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFB0B580000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b580000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: strcmp
                                                                                                                                                                                  • String ID: ANY PRIVATE KEY$CERTIFICATE$CERTIFICATE REQUEST$CMS$DH PARAMETERS$ENCRYPTED PRIVATE KEY$NEW CERTIFICATE REQUEST$PARAMETERS$PKCS #7 SIGNED DATA$PKCS7$PRIVATE KEY$TRUSTED CERTIFICATE$X509 CERTIFICATE$X9.42 DH PARAMETERS
                                                                                                                                                                                  • API String ID: 1004003707-1119032718
                                                                                                                                                                                  • Opcode ID: 53791607f956101f911f03bce5df1fcc48f1ca8588c3d50ca4fb3c9ab6ede07a
                                                                                                                                                                                  • Instruction ID: d0d18915b62d815c6371d44e8fd94df1d6bc2ef0dfe3567c4eebb854612bd5c0
                                                                                                                                                                                  • Opcode Fuzzy Hash: 53791607f956101f911f03bce5df1fcc48f1ca8588c3d50ca4fb3c9ab6ede07a
                                                                                                                                                                                  • Instruction Fuzzy Hash: 75918BD2B0CA4790EE689B35D951A782691BF56FD4F84D235DD4FC23FAEE2CE6418200
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809852036.00007FFB0B581000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFB0B580000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b580000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: strspn$strncmp
                                                                                                                                                                                  • String ID: $ $ ,$..\s\crypto\pem\pem_lib.c$DEK-Info:$ENCRYPTED$Proc-Type:
                                                                                                                                                                                  • API String ID: 1384302209-3505811795
                                                                                                                                                                                  • Opcode ID: 398b3682302abd1cc3d8a4816504ce7b5e9254469f9c734eb94c0a305c6e8597
                                                                                                                                                                                  • Instruction ID: dfcf503ca6915796808b2ab49ace7686f8a79a96f6c466e1d0878e0af8dcc286
                                                                                                                                                                                  • Opcode Fuzzy Hash: 398b3682302abd1cc3d8a4816504ce7b5e9254469f9c734eb94c0a305c6e8597
                                                                                                                                                                                  • Instruction Fuzzy Hash: FC918BE2B0869786E7218B31E850DB97750BB04B84F41C035DA8F876B6EF7CE94A8744
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFB0B50FC2E
                                                                                                                                                                                  • calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFB0B50FC82
                                                                                                                                                                                  • calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFB0B50FCD2
                                                                                                                                                                                  • _Getdays.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FFB0B50FD76
                                                                                                                                                                                  • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFB0B50FD93
                                                                                                                                                                                  • calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFB0B50FDC9
                                                                                                                                                                                  • _Getmonths.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FFB0B50FDF4
                                                                                                                                                                                  • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFB0B50FE11
                                                                                                                                                                                  • calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFB0B50FE3A
                                                                                                                                                                                  • calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFB0B50FE72
                                                                                                                                                                                    • Part of subcall function 00007FFB0B4EB690: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFB0B4F84D4), ref: 00007FFB0B4EB6B2
                                                                                                                                                                                    • Part of subcall function 00007FFB0B4EB690: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFB0B4F84D4), ref: 00007FFB0B4EB6D8
                                                                                                                                                                                    • Part of subcall function 00007FFB0B4EB690: memmove.VCRUNTIME140(?,?,?,00007FFB0B4F84D4), ref: 00007FFB0B4EB6F0
                                                                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 00007FFB0B50FD24
                                                                                                                                                                                    • Part of subcall function 00007FFB0B516410: std::bad_alloc::bad_alloc.LIBCMT ref: 00007FFB0B516419
                                                                                                                                                                                    • Part of subcall function 00007FFB0B516410: _CxxThrowException.VCRUNTIME140(?,?,?,?,?,?,?,?,00007FFB0B52CAF9,?,?,00000000,00007FFB0B4EC4D0), ref: 00007FFB0B51642A
                                                                                                                                                                                    • Part of subcall function 00007FFB0B4E74A0: ___lc_codepage_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFB0B4E74B8
                                                                                                                                                                                    • Part of subcall function 00007FFB0B4E74A0: ___mb_cur_max_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFB0B4E74C0
                                                                                                                                                                                    • Part of subcall function 00007FFB0B4E74A0: ___lc_locale_name_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFB0B4E74C9
                                                                                                                                                                                    • Part of subcall function 00007FFB0B4E74A0: __pctype_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFB0B4E74E5
                                                                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 00007FFB0B50FEAE
                                                                                                                                                                                    • Part of subcall function 00007FFB0B515920: _lock_locales.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFB0B51592F
                                                                                                                                                                                  Strings
                                                                                                                                                                                  • :Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:December, xrefs: 00007FFB0B50FE1C
                                                                                                                                                                                  • :AM:am:PM:pm, xrefs: 00007FFB0B50FE68
                                                                                                                                                                                  • :Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday, xrefs: 00007FFB0B50FD9E
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809692579.00007FFB0B4E1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFB0B4E0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b4e0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: calloc$free$Concurrency::cancel_current_task$ExceptionGetdaysGetmonthsThrow___lc_codepage_func___lc_locale_name_func___mb_cur_max_func__pctype_func_lock_localesmallocmemmovestd::bad_alloc::bad_alloc
                                                                                                                                                                                  • String ID: :AM:am:PM:pm$:Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:December$:Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday
                                                                                                                                                                                  • API String ID: 3718130286-35662545
                                                                                                                                                                                  • Opcode ID: 4984866773faa2ba8b097bb784f106a27c12d0944b280fa2bc18804908d0bf42
                                                                                                                                                                                  • Instruction ID: be6d182dbd8548694c05e0cb1a6751b96d1c7295c41e79afcb2b8fba7b6fcbeb
                                                                                                                                                                                  • Opcode Fuzzy Hash: 4984866773faa2ba8b097bb784f106a27c12d0944b280fa2bc18804908d0bf42
                                                                                                                                                                                  • Instruction Fuzzy Hash: 1FB1A0A2B19B8185EF218F31E824A6977A1FB55BD0F1881B5DE5E877A6DF3CE441C300
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809852036.00007FFB0B581000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFB0B580000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b580000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Event$FileSource$ByteCharDeregisterHandleMultiRegisterReportTypeWideWrite__stdio_common_vsprintf__stdio_common_vswprintf
                                                                                                                                                                                  • String ID: $OpenSSL$OpenSSL: FATAL$no stack?
                                                                                                                                                                                  • API String ID: 2603057392-2963566556
                                                                                                                                                                                  • Opcode ID: 4334f370b7a482bd35c4ecd3ae7f0d910e81077902a64c89114c2b2096981407
                                                                                                                                                                                  • Instruction ID: 25f65e54a4a7e3290bc2605a9df9fbd45f43db36addd20e516dfa6f890baf4fd
                                                                                                                                                                                  • Opcode Fuzzy Hash: 4334f370b7a482bd35c4ecd3ae7f0d910e81077902a64c89114c2b2096981407
                                                                                                                                                                                  • Instruction Fuzzy Hash: 5D91E4B2A08B8285EB208F34D8549A97760FB45B94F448336EB5E97AE5EF38E155C310
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  • from_buffer('%s', ..): the actual length of the array cannot be computed, xrefs: 00007FFB1BA4D5AF
                                                                                                                                                                                  • expected a pointer or array ctype, got '%s', xrefs: 00007FFB1BA4D471
                                                                                                                                                                                  • buffer is too small (%zd bytes) for '%s' (%zd bytes), xrefs: 00007FFB1BA4D54C
                                                                                                                                                                                  • from_buffer() cannot return the address of a unicode object, xrefs: 00007FFB1BA4D49F
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2812746719.00007FFB1BA41000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFB1BA40000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb1ba40000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Err_$FormatString
                                                                                                                                                                                  • String ID: buffer is too small (%zd bytes) for '%s' (%zd bytes)$expected a pointer or array ctype, got '%s'$from_buffer('%s', ..): the actual length of the array cannot be computed$from_buffer() cannot return the address of a unicode object
                                                                                                                                                                                  • API String ID: 4212644371-2010142110
                                                                                                                                                                                  • Opcode ID: 7525646fe25f32f6fb35656c4c51a2df81661c9539c119611b2f1bbd9b4da686
                                                                                                                                                                                  • Instruction ID: 5bd229bef5e11fa051af9c64ed229f526328b842d54b8cf6364a19ca9fcafbdb
                                                                                                                                                                                  • Opcode Fuzzy Hash: 7525646fe25f32f6fb35656c4c51a2df81661c9539c119611b2f1bbd9b4da686
                                                                                                                                                                                  • Instruction Fuzzy Hash: 2A5180B1A28F4285EA14CB35E44067823A2FB85FA8F48A631CE4D47774DF3CE945C780
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809692579.00007FFB0B4E1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFB0B4E0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b4e0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Xp_setw$Xp_setn$Xp_addhXp_addxXp_mulhXp_mulxiswctype$DscaleStofltStoxflt
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1993114911-0
                                                                                                                                                                                  • Opcode ID: 93daba1b2ca0e0d8915cb4de3bf39f6ce065bf3dbf861f4ba4fb38182f6be529
                                                                                                                                                                                  • Instruction ID: 2dbdf41fde5d136661946c7cba8b5f0b4f9dec2524e728c61e8c4ce8550b8b9d
                                                                                                                                                                                  • Opcode Fuzzy Hash: 93daba1b2ca0e0d8915cb4de3bf39f6ce065bf3dbf861f4ba4fb38182f6be529
                                                                                                                                                                                  • Instruction Fuzzy Hash: 446162A2F085429AF712DFB1D480AFD3721AB54758F508635DE1FA77A5DE38EB0A8304
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809692579.00007FFB0B4E1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFB0B4E0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b4e0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Xp_setw$Xp_setn$Xp_addxXp_mulxiswctype$DscaleStofltStoxfltXp_addhXp_mulh
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3318484812-0
                                                                                                                                                                                  • Opcode ID: a768420c2b5fff2fb4244aeac776d75f58bcfee5bf1117b7cc1e02417c62bbbc
                                                                                                                                                                                  • Instruction ID: b1870c10cbb8da92f09dc9d70314097973f84d097a034564af717d1b6d2540e3
                                                                                                                                                                                  • Opcode Fuzzy Hash: a768420c2b5fff2fb4244aeac776d75f58bcfee5bf1117b7cc1e02417c62bbbc
                                                                                                                                                                                  • Instruction Fuzzy Hash: 4061C0A2F1864282EA119E71E480AAE6720FB94754F508132EE5F936A5DF7CEB05CB00
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809692579.00007FFB0B4E1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFB0B4E0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b4e0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Xp_setw$Xp_setn$Xp_addhXp_addxXp_mulhXp_mulx$DscaleStofltStoxfltisspaceisxdigit
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1532609390-0
                                                                                                                                                                                  • Opcode ID: 04dc50dfbf98f029935054b8049ea78db01762cf3d60922a2d415e396d3f7e9b
                                                                                                                                                                                  • Instruction ID: 5ec150e9b9565ae71f2ad0775954376d0652fbf44f6019365322de3d6a989a0f
                                                                                                                                                                                  • Opcode Fuzzy Hash: 04dc50dfbf98f029935054b8049ea78db01762cf3d60922a2d415e396d3f7e9b
                                                                                                                                                                                  • Instruction Fuzzy Hash: FD6193A2F085429AE712DFB5D440AFD3731AB6474CF508635DE1FA76A5DE38E70A8700
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809692579.00007FFB0B4E1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFB0B4E0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b4e0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Xp_setw$Xp_setn$Xp_addxXp_mulx$DscaleStofltStoxfltXp_addhXp_mulhisspaceisxdigit
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1561094175-0
                                                                                                                                                                                  • Opcode ID: 26f20ec9df820aa32de266d0aeb6ef9945677f21c9edbebf0351e67feff02a77
                                                                                                                                                                                  • Instruction ID: 6299c6744e91baf2ad0611edebc3f3355176b55d05de2429f955dbd596c39a7c
                                                                                                                                                                                  • Opcode Fuzzy Hash: 26f20ec9df820aa32de266d0aeb6ef9945677f21c9edbebf0351e67feff02a77
                                                                                                                                                                                  • Instruction Fuzzy Hash: B361C2A2F1C64286EB11DE71E440AAE6720FBA4748F508132EE5F976A5DE3CD7458B00
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809852036.00007FFB0B581000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFB0B580000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b580000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: strcmp$strncmp
                                                                                                                                                                                  • String ID: ..\s\crypto\asn1\asn_mime.c$application/pkcs7-mime$application/pkcs7-signature$application/x-pkcs7-mime$application/x-pkcs7-signature$boundary$content-type$multipart/signed$type:
                                                                                                                                                                                  • API String ID: 1244041713-3630080479
                                                                                                                                                                                  • Opcode ID: fe6ee42ba66115c3f582b9304316164a699994161a53c33d26c7d699cf67fd0c
                                                                                                                                                                                  • Instruction ID: 3f2eec785dbbb7efce03f076bca6b7ff68605beeda9a92fb401221fa137fc52d
                                                                                                                                                                                  • Opcode Fuzzy Hash: fe6ee42ba66115c3f582b9304316164a699994161a53c33d26c7d699cf67fd0c
                                                                                                                                                                                  • Instruction Fuzzy Hash: 4AC16CE2A0C64281EA10EB31D861EB9A351BF45B84F44C035E94FA77B6EF3DE645D710
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809692579.00007FFB0B4E1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFB0B4E0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b4e0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Xp_setw$Xp_setn$Xp_addxXp_mulx$StofltStoxfltXp_addhXp_mulhisspaceisxdigit
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3077680349-0
                                                                                                                                                                                  • Opcode ID: 68dfcd458d3605dce68000bdeb4d798d5053b9c95eebfd4242a2a1a3d2f218f3
                                                                                                                                                                                  • Instruction ID: 9de2e31d56b01a66d225a31b2c289f803dc76b3e43e81feef72f00868fad46e9
                                                                                                                                                                                  • Opcode Fuzzy Hash: 68dfcd458d3605dce68000bdeb4d798d5053b9c95eebfd4242a2a1a3d2f218f3
                                                                                                                                                                                  • Instruction Fuzzy Hash: 5661C3A2F1864282E611DE71E4409BE6720FF95744F528532EE5F937AADE3CE745C700
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809692579.00007FFB0B4E1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFB0B4E0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b4e0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Xp_setw$Xp_setn$Xp_addxXp_mulxiswctype$StofltStoxfltXp_addhXp_mulh
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3654286868-0
                                                                                                                                                                                  • Opcode ID: 56d0606d6971f6acfb222be0b758f0c72f6c494c9e9316963bc2f0e9e72bf29e
                                                                                                                                                                                  • Instruction ID: 8b038e680c09d7e5a1f5e38277de0a73c409238efa53b9da0915a283aca1620e
                                                                                                                                                                                  • Opcode Fuzzy Hash: 56d0606d6971f6acfb222be0b758f0c72f6c494c9e9316963bc2f0e9e72bf29e
                                                                                                                                                                                  • Instruction Fuzzy Hash: FB61E2A2F18A4282E711DE71E440ABEA720FB84754F518132EE5F977A6DE3CDB498700
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809852036.00007FFB0B581000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFB0B580000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b580000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: ..\s\crypto\rand\randfile.c$Filename=$i
                                                                                                                                                                                  • API String ID: 0-1799673945
                                                                                                                                                                                  • Opcode ID: 9b4ea193b028727d5cf33481ab8e51e1a79f6630d4abdc56d1a885e2ca4d3d0c
                                                                                                                                                                                  • Instruction ID: c64996c8f639329f5a3bb95f91dc5f58ab3a8acc7f0957412d4e94828a79d2bf
                                                                                                                                                                                  • Opcode Fuzzy Hash: 9b4ea193b028727d5cf33481ab8e51e1a79f6630d4abdc56d1a885e2ca4d3d0c
                                                                                                                                                                                  • Instruction Fuzzy Hash: AA5161E1A08B4286F6289B35D850EBA33A1FF85B91F408135D95F876F5EF3DE5058700
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809564483.00007FF6AC3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AC3A0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6ac3a0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2812746719.00007FFB1BA41000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFB1BA40000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb1ba40000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Err_$FormatString
                                                                                                                                                                                  • String ID: [%llu]$array item of unknown size: '%s'$array size would overflow a Py_ssize_t$first arg must be a pointer ctype
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809564483.00007FF6AC3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AC3A0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6ac3a0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Token$ConvertDescriptorInformationProcessSecurityString$CloseCreateCurrentDirectoryErrorFreeHandleLastLocalOpen
                                                                                                                                                                                  • String ID: D:(A;;FA;;;%s)$S-1-3-4
                                                                                                                                                                                  APIs
                                                                                                                                                                                    • Part of subcall function 00007FFB0B4E74A0: ___lc_codepage_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFB0B4E74B8
                                                                                                                                                                                    • Part of subcall function 00007FFB0B4E74A0: ___mb_cur_max_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFB0B4E74C0
                                                                                                                                                                                    • Part of subcall function 00007FFB0B4E74A0: ___lc_locale_name_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFB0B4E74C9
                                                                                                                                                                                    • Part of subcall function 00007FFB0B4E74A0: __pctype_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFB0B4E74E5
                                                                                                                                                                                  • _Getdays.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FFB0B50FD76
                                                                                                                                                                                  • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFB0B50FD93
                                                                                                                                                                                  • calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFB0B50FDC9
                                                                                                                                                                                  • _Getmonths.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FFB0B50FDF4
                                                                                                                                                                                  • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFB0B50FE11
                                                                                                                                                                                  • calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFB0B50FE3A
                                                                                                                                                                                  • calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFB0B50FE72
                                                                                                                                                                                    • Part of subcall function 00007FFB0B4EB690: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFB0B4F84D4), ref: 00007FFB0B4EB6B2
                                                                                                                                                                                    • Part of subcall function 00007FFB0B4EB690: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFB0B4F84D4), ref: 00007FFB0B4EB6D8
                                                                                                                                                                                    • Part of subcall function 00007FFB0B4EB690: memmove.VCRUNTIME140(?,?,?,00007FFB0B4F84D4), ref: 00007FFB0B4EB6F0
                                                                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 00007FFB0B50FEAE
                                                                                                                                                                                    • Part of subcall function 00007FFB0B516410: std::bad_alloc::bad_alloc.LIBCMT ref: 00007FFB0B516419
                                                                                                                                                                                    • Part of subcall function 00007FFB0B516410: _CxxThrowException.VCRUNTIME140(?,?,?,?,?,?,?,?,00007FFB0B52CAF9,?,?,00000000,00007FFB0B4EC4D0), ref: 00007FFB0B51642A
                                                                                                                                                                                  Strings
                                                                                                                                                                                  • :Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:December, xrefs: 00007FFB0B50FE1C
                                                                                                                                                                                  • :AM:am:PM:pm, xrefs: 00007FFB0B50FE68
                                                                                                                                                                                  • :Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday, xrefs: 00007FFB0B50FD9E
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809692579.00007FFB0B4E1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFB0B4E0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b4e0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: callocfree$Concurrency::cancel_current_taskExceptionGetdaysGetmonthsThrow___lc_codepage_func___lc_locale_name_func___mb_cur_max_func__pctype_funcmallocmemmovestd::bad_alloc::bad_alloc
                                                                                                                                                                                  • String ID: :AM:am:PM:pm$:Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:December$:Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809692579.00007FFB0B4E1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFB0B4E0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b4e0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ByteCharMultiWide$__strncntfreemalloc$CompareInfoString__crt
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809564483.00007FF6AC3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AC3A0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6ac3a0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: MoveWindow$ObjectSelect$DrawReleaseText
                                                                                                                                                                                  • String ID: P%
                                                                                                                                                                                  • API String ID: 2147705588-2959514604
                                                                                                                                                                                  • Opcode ID: 2abf96d7e756ec95747b6225775113f5ca3bbb9c1d9d148edce5ba3104c9dbe9
                                                                                                                                                                                  • Instruction ID: c68d07d2836a55ec637f0a35dcde4c0f0bd2d49ddfc08cbe3fe2d093cb56cff4
                                                                                                                                                                                  • Opcode Fuzzy Hash: 2abf96d7e756ec95747b6225775113f5ca3bbb9c1d9d148edce5ba3104c9dbe9
                                                                                                                                                                                  • Instruction Fuzzy Hash: 1A510626619BA186D6349F26E4185BAB7A1FB98B61F004121EFDF83794DF3CE049DB10
                                                                                                                                                                                  APIs
                                                                                                                                                                                    • Part of subcall function 00007FFB0B4E74A0: ___lc_codepage_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFB0B4E74B8
                                                                                                                                                                                    • Part of subcall function 00007FFB0B4E74A0: ___mb_cur_max_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFB0B4E74C0
                                                                                                                                                                                    • Part of subcall function 00007FFB0B4E74A0: ___lc_locale_name_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFB0B4E74C9
                                                                                                                                                                                    • Part of subcall function 00007FFB0B4E74A0: __pctype_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFB0B4E74E5
                                                                                                                                                                                  • _Getdays.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FFB0B4FC2F5
                                                                                                                                                                                  • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFB0B4FC312
                                                                                                                                                                                  • _Maklocstr.LIBCPMT ref: 00007FFB0B4FC32E
                                                                                                                                                                                  • _Getmonths.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FFB0B4FC337
                                                                                                                                                                                  • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFB0B4FC354
                                                                                                                                                                                  • _Maklocstr.LIBCPMT ref: 00007FFB0B4FC370
                                                                                                                                                                                  • _Maklocstr.LIBCPMT ref: 00007FFB0B4FC385
                                                                                                                                                                                    • Part of subcall function 00007FFB0B4EB690: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFB0B4F84D4), ref: 00007FFB0B4EB6B2
                                                                                                                                                                                    • Part of subcall function 00007FFB0B4EB690: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFB0B4F84D4), ref: 00007FFB0B4EB6D8
                                                                                                                                                                                    • Part of subcall function 00007FFB0B4EB690: memmove.VCRUNTIME140(?,?,?,00007FFB0B4F84D4), ref: 00007FFB0B4EB6F0
                                                                                                                                                                                  Strings
                                                                                                                                                                                  • :Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:December, xrefs: 00007FFB0B4FC35F
                                                                                                                                                                                  • :AM:am:PM:pm, xrefs: 00007FFB0B4FC37E
                                                                                                                                                                                  • :Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday, xrefs: 00007FFB0B4FC31D
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809692579.00007FFB0B4E1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFB0B4E0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b4e0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Maklocstrfree$GetdaysGetmonths___lc_codepage_func___lc_locale_name_func___mb_cur_max_func__pctype_funcmallocmemmove
                                                                                                                                                                                  • String ID: :AM:am:PM:pm$:Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:December$:Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday
                                                                                                                                                                                  • API String ID: 269533641-35662545
                                                                                                                                                                                  • Opcode ID: 0820c1a4a04c52d0eb239fbab98a74cf88671c412056eb74643d8d24ad950682
                                                                                                                                                                                  • Instruction ID: 26221a9f7d65026d6e54090594a87180485349073d6ed70ba491201f97978e08
                                                                                                                                                                                  • Opcode Fuzzy Hash: 0820c1a4a04c52d0eb239fbab98a74cf88671c412056eb74643d8d24ad950682
                                                                                                                                                                                  • Instruction Fuzzy Hash: C0214162A04F4682E700DF31E4512AC73A1FB98F84F448135DA4E97766DF3CE695C380
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809692579.00007FFB0B4E1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFB0B4E0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b4e0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ByteCharCompareMultiStringWide__crt$freemalloc$__strncnt
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 525835285-0
                                                                                                                                                                                  • Opcode ID: f6e00a47ca206d7a4e1b7c1a66c0737e84cf9e0c9f132774600d41b7bf988ede
                                                                                                                                                                                  • Instruction ID: aa1a51287965b16f42f2603152dcea82516d58971b588aef1bd3b841d6df9a50
                                                                                                                                                                                  • Opcode Fuzzy Hash: f6e00a47ca206d7a4e1b7c1a66c0737e84cf9e0c9f132774600d41b7bf988ede
                                                                                                                                                                                  • Instruction Fuzzy Hash: 1C71A4B2A0974286EB208F31D450B7D63A1FF44BA4F548235DA6F83BE5DF3CE6458600
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809852036.00007FFB0B581000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFB0B580000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b580000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: strchr
                                                                                                                                                                                  • String ID: ..\s\crypto\ocsp\ocsp_lib.c$/$/$443$[$http$https
                                                                                                                                                                                  • API String ID: 2830005266-535551730
                                                                                                                                                                                  • Opcode ID: 6eb130b0f5c21958511a8e702daf4266c95806829202302b079b70cbd7730d24
                                                                                                                                                                                  • Instruction ID: 06ce8436fdf37bdcfc80b318697bd604541918adeb9eef738353c814664b3dcc
                                                                                                                                                                                  • Opcode Fuzzy Hash: 6eb130b0f5c21958511a8e702daf4266c95806829202302b079b70cbd7730d24
                                                                                                                                                                                  • Instruction Fuzzy Hash: BC618EA2A09B4284EB16DB35D420AB93B60FB55B84F85C035DE4F877B2EE3DE556C700
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809852036.00007FFB0B581000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFB0B580000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b580000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: atoi$strcmp
                                                                                                                                                                                  • String ID: ..\s\crypto\ts\ts_conf.c$accuracy$microsecs$millisecs$p$secs
                                                                                                                                                                                  • API String ID: 4175852868-1596076588
                                                                                                                                                                                  • Opcode ID: a354be8fb617e6a659b2ebe151350e266f0d4f90f2c91f9f87cda44e37b83124
                                                                                                                                                                                  • Instruction ID: b22ee19b9f474db68140aa700b7201618d20715d1b51c5f34e330a8afc73855d
                                                                                                                                                                                  • Opcode Fuzzy Hash: a354be8fb617e6a659b2ebe151350e266f0d4f90f2c91f9f87cda44e37b83124
                                                                                                                                                                                  • Instruction Fuzzy Hash: F9515DA1A0874796FA14AB36E824EBA77A1BF44B84F40C035DD0F977B2EF3CE5458600
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809692579.00007FFB0B4E1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFB0B4E0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b4e0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ExceptionThrowstd::ios_base::failure::failure
                                                                                                                                                                                  • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                                                                                                  • API String ID: 2003779279-1866435925
                                                                                                                                                                                  • Opcode ID: 5079871919eeef31b104849c91ea34eddbb498ae389773a60f034b0124e3a6ee
                                                                                                                                                                                  • Instruction ID: e62e52bb50235aecac90ab918462c60f431955c4ff3879dec3f53937f19ab003
                                                                                                                                                                                  • Opcode Fuzzy Hash: 5079871919eeef31b104849c91ea34eddbb498ae389773a60f034b0124e3a6ee
                                                                                                                                                                                  • Instruction Fuzzy Hash: 62919EB2A09A4681EF148B29D4A1BB93761FB81F84F44C075DA1F877B6DF2DE946C700
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809692579.00007FFB0B4E1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFB0B4E0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b4e0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Initstd::ios_base::_$AddstdExceptionThrowfputwcfwritestd::ios_base::failure::failurestd::locale::_
                                                                                                                                                                                  • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                                                                                                  • API String ID: 247381371-1866435925
                                                                                                                                                                                  • Opcode ID: 35a38cbc79ebcab4b9ad5f99447ef1bcd6ff45df82ca40ad9567068bb31a2069
                                                                                                                                                                                  • Instruction ID: 30eaac0f6f4ee9b76cfb608efa1ccb9419d8fde00f924ca7d0c8bb4b73d1a745
                                                                                                                                                                                  • Opcode Fuzzy Hash: 35a38cbc79ebcab4b9ad5f99447ef1bcd6ff45df82ca40ad9567068bb31a2069
                                                                                                                                                                                  • Instruction Fuzzy Hash: C1718FB3A19A8695EB10CF75D4506AD33B0FB44B88F849032EB4E87765DF39E655C700
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,00007FFB0B4E62F5), ref: 00007FFB0B4E68F7
                                                                                                                                                                                  • tolower.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,00007FFB0B4E62F5), ref: 00007FFB0B4E698F
                                                                                                                                                                                  • memchr.VCRUNTIME140(?,?,?,?,?,?,00007FFB0B4E62F5), ref: 00007FFB0B4E69A1
                                                                                                                                                                                  • tolower.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,00007FFB0B4E62F5), ref: 00007FFB0B4E69D6
                                                                                                                                                                                  • memchr.VCRUNTIME140(?,?,?,?,?,?,00007FFB0B4E62F5), ref: 00007FFB0B4E69E4
                                                                                                                                                                                  • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00007FFB0B4E62F5), ref: 00007FFB0B4E6A4C
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809692579.00007FFB0B4E1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFB0B4E0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b4e0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: memchrtolower$_errnoisspace
                                                                                                                                                                                  • String ID: 0$0$0123456789abcdefghijklmnopqrstuvwxyz
                                                                                                                                                                                  • API String ID: 3508154992-2432849056
                                                                                                                                                                                  • Opcode ID: 52be6e07b037d6f09550230747a39371e924b433e1c7da1dee62df230f17126e
                                                                                                                                                                                  • Instruction ID: 7ac5d63d141eaf13bc1aa456154c2a1ed67180bdeb3613e6070a4526925f4fcf
                                                                                                                                                                                  • Opcode Fuzzy Hash: 52be6e07b037d6f09550230747a39371e924b433e1c7da1dee62df230f17126e
                                                                                                                                                                                  • Instruction Fuzzy Hash: 2151E892E0D7C245E7219B34E850B7D7AA0BB61B54F1AD034CDAF823B5DE3CAB468700
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,00007FFB0B4E6675), ref: 00007FFB0B4E6ADC
                                                                                                                                                                                  • tolower.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,00007FFB0B4E6675), ref: 00007FFB0B4E6B76
                                                                                                                                                                                  • memchr.VCRUNTIME140(?,?,?,?,?,00007FFB0B4E6675), ref: 00007FFB0B4E6B88
                                                                                                                                                                                  • tolower.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,00007FFB0B4E6675), ref: 00007FFB0B4E6BBB
                                                                                                                                                                                  • memchr.VCRUNTIME140(?,?,?,?,?,00007FFB0B4E6675), ref: 00007FFB0B4E6BC9
                                                                                                                                                                                  • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,00007FFB0B4E6675), ref: 00007FFB0B4E6C27
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809692579.00007FFB0B4E1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFB0B4E0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b4e0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: memchrtolower$_errnoisspace
                                                                                                                                                                                  • String ID: 0$0$0123456789abcdefghijklmnopqrstuvwxyz
                                                                                                                                                                                  • API String ID: 3508154992-2432849056
                                                                                                                                                                                  • Opcode ID: 43815465dc66ac9b27d3f1ae7d633b0096f14b933a58eda5914f7ac150fdf0fb
                                                                                                                                                                                  • Instruction ID: 58dff30e108ecf54deccf411f0bd8051db913f5b8a0f1fa62942d1e431472cea
                                                                                                                                                                                  • Opcode Fuzzy Hash: 43815465dc66ac9b27d3f1ae7d633b0096f14b933a58eda5914f7ac150fdf0fb
                                                                                                                                                                                  • Instruction Fuzzy Hash: 2C5117A2E0D69149FB219B74E460B7D66A1BB64B54F59C030CEAF863B5DE3CE7428300
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • localeconv.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFB0B505A60
                                                                                                                                                                                    • Part of subcall function 00007FFB0B4E74A0: ___lc_codepage_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFB0B4E74B8
                                                                                                                                                                                    • Part of subcall function 00007FFB0B4E74A0: ___mb_cur_max_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFB0B4E74C0
                                                                                                                                                                                    • Part of subcall function 00007FFB0B4E74A0: ___lc_locale_name_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFB0B4E74C9
                                                                                                                                                                                    • Part of subcall function 00007FFB0B4E74A0: __pctype_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFB0B4E74E5
                                                                                                                                                                                  • calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFB0B505AE7
                                                                                                                                                                                  • _Maklocstr.LIBCPMT ref: 00007FFB0B505B26
                                                                                                                                                                                  • _Maklocstr.LIBCPMT ref: 00007FFB0B505B40
                                                                                                                                                                                  • _Getvals.LIBCPMT ref: 00007FFB0B505C3A
                                                                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 00007FFB0B505C41
                                                                                                                                                                                    • Part of subcall function 00007FFB0B516410: std::bad_alloc::bad_alloc.LIBCMT ref: 00007FFB0B516419
                                                                                                                                                                                    • Part of subcall function 00007FFB0B516410: _CxxThrowException.VCRUNTIME140(?,?,?,?,?,?,?,?,00007FFB0B52CAF9,?,?,00000000,00007FFB0B4EC4D0), ref: 00007FFB0B51642A
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809692579.00007FFB0B4E1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFB0B4E0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b4e0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Maklocstr$Concurrency::cancel_current_taskExceptionGetvalsThrow___lc_codepage_func___lc_locale_name_func___mb_cur_max_func__pctype_funccalloclocaleconvstd::bad_alloc::bad_alloc
                                                                                                                                                                                  • String ID: ,$false$true
                                                                                                                                                                                  • API String ID: 2135902765-760133229
                                                                                                                                                                                  • Opcode ID: 67ee8f4e636e21bca307c7727e2474fd631be0ead37d0a99a3418088d2fddda1
                                                                                                                                                                                  • Instruction ID: fb9dc5bb1873b3955e273aef36b33e24c7db166fe755c122c84a4f01a5c26094
                                                                                                                                                                                  • Opcode Fuzzy Hash: 67ee8f4e636e21bca307c7727e2474fd631be0ead37d0a99a3418088d2fddda1
                                                                                                                                                                                  • Instruction Fuzzy Hash: 7B519162518BC182E661CB34F4506AEB7A4FB98760F449222EBDE47766EF3CD585CB00
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • localeconv.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFB0B4F55E3
                                                                                                                                                                                    • Part of subcall function 00007FFB0B4E74A0: ___lc_codepage_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFB0B4E74B8
                                                                                                                                                                                    • Part of subcall function 00007FFB0B4E74A0: ___mb_cur_max_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFB0B4E74C0
                                                                                                                                                                                    • Part of subcall function 00007FFB0B4E74A0: ___lc_locale_name_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFB0B4E74C9
                                                                                                                                                                                    • Part of subcall function 00007FFB0B4E74A0: __pctype_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFB0B4E74E5
                                                                                                                                                                                  • calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFB0B4F563B
                                                                                                                                                                                  • calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFB0B4F567A
                                                                                                                                                                                  • calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFB0B4F56B4
                                                                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 00007FFB0B4F5712
                                                                                                                                                                                    • Part of subcall function 00007FFB0B516410: std::bad_alloc::bad_alloc.LIBCMT ref: 00007FFB0B516419
                                                                                                                                                                                    • Part of subcall function 00007FFB0B516410: _CxxThrowException.VCRUNTIME140(?,?,?,?,?,?,?,?,00007FFB0B52CAF9,?,?,00000000,00007FFB0B4EC4D0), ref: 00007FFB0B51642A
                                                                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 00007FFB0B4F5718
                                                                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 00007FFB0B4F571D
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809692579.00007FFB0B4E1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFB0B4E0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b4e0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Concurrency::cancel_current_taskcalloc$ExceptionThrow___lc_codepage_func___lc_locale_name_func___mb_cur_max_func__pctype_funclocaleconvstd::bad_alloc::bad_alloc
                                                                                                                                                                                  • String ID: false$true
                                                                                                                                                                                  • API String ID: 2349454547-2658103896
                                                                                                                                                                                  • Opcode ID: 5c88745e38c7f4b10ae99f2d41da75766dca5b299c890f36dbbf9fece8871ee5
                                                                                                                                                                                  • Instruction ID: a139eb6d4f965c00ac5953409be55aad5213012ed226d1f3e6b7f7542de2cf69
                                                                                                                                                                                  • Opcode Fuzzy Hash: 5c88745e38c7f4b10ae99f2d41da75766dca5b299c890f36dbbf9fece8871ee5
                                                                                                                                                                                  • Instruction Fuzzy Hash: A04122B6B19B8281EB058B30E55476D67A1FB24FA8F148671CE6E433B5DE3CE5068340
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809852036.00007FFB0B581000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFB0B580000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b580000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: InformationObjectUser$AddressErrorHandleLastModuleProcProcessStationWindowwcsstr
                                                                                                                                                                                  • String ID: Service-0x$_OPENSSL_isservice
                                                                                                                                                                                  • API String ID: 459917433-1672312481
                                                                                                                                                                                  • Opcode ID: bc225b995bbff2d3b119e7081b5c779a5c3234c2f77d3222796a288c2c9d01dd
                                                                                                                                                                                  • Instruction ID: ec204a5df9e442e8c896bf1a0ce44504df7dabaec040bccd35676573f4c70bdc
                                                                                                                                                                                  • Opcode Fuzzy Hash: bc225b995bbff2d3b119e7081b5c779a5c3234c2f77d3222796a288c2c9d01dd
                                                                                                                                                                                  • Instruction Fuzzy Hash: 234110A1609B8286EB509F34D840AA863A0EF487B4F549739E97E877F5DF3CE5448710
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • GetLastError.KERNEL32(00000000,00007FF6AC3A26A0), ref: 00007FF6AC3A74D7
                                                                                                                                                                                  • FormatMessageW.KERNEL32(00000000,00007FF6AC3A26A0), ref: 00007FF6AC3A7506
                                                                                                                                                                                  • WideCharToMultiByte.KERNEL32 ref: 00007FF6AC3A755C
                                                                                                                                                                                    • Part of subcall function 00007FF6AC3A2620: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF6AC3A7744,?,?,?,?,?,?,?,?,?,?,?,00007FF6AC3A101D), ref: 00007FF6AC3A2654
                                                                                                                                                                                    • Part of subcall function 00007FF6AC3A2620: MessageBoxW.USER32 ref: 00007FF6AC3A272C
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809564483.00007FF6AC3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AC3A0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6ac3a0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ErrorLastMessage$ByteCharFormatMultiWide
                                                                                                                                                                                  • String ID: Failed to encode wchar_t as UTF-8.$FormatMessageW$No error messages generated.$PyInstaller: FormatMessageW failed.$PyInstaller: pyi_win32_utils_to_utf8 failed.$WideCharToMultiByte
                                                                                                                                                                                  • API String ID: 2920928814-2573406579
                                                                                                                                                                                  • Opcode ID: 8b0166d5a5045c769a8e77ad43af0852bc728ff9b5502801be361ecb61f6b2fa
                                                                                                                                                                                  • Instruction ID: 14e9587918caca6f8a669386340dfe3f6b504567172c5eff8ab30edf858b043d
                                                                                                                                                                                  • Opcode Fuzzy Hash: 8b0166d5a5045c769a8e77ad43af0852bc728ff9b5502801be361ecb61f6b2fa
                                                                                                                                                                                  • Instruction Fuzzy Hash: 9A219531A0EE4282EB649F20F894BBA73A1FF89385F840035D54DC26A5EF7DE519C740
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809852036.00007FFB0B61D000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFB0B580000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b580000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: strncmp
                                                                                                                                                                                  • String ID: %-8d$, path=$, retcode=$, value=$..\s\crypto\conf\conf_mod.c$OPENSSL_finish$OPENSSL_init$module=$path
                                                                                                                                                                                  • API String ID: 1114863663-3652895664
                                                                                                                                                                                  • Opcode ID: b768d7edf3613b4302f815e2c327cae83375b0b9509075966fb40fc703215ed3
                                                                                                                                                                                  • Instruction ID: 3ab2851cd88d9605cb14b31733955505933d2d05da70ecddda6cf810f568b197
                                                                                                                                                                                  • Opcode Fuzzy Hash: b768d7edf3613b4302f815e2c327cae83375b0b9509075966fb40fc703215ed3
                                                                                                                                                                                  • Instruction Fuzzy Hash: 3FA153E1A0974245FA649B35EC10EB9A250EF48784F448235EE1F9BBB6EF3CE545C710
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809852036.00007FFB0B581000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFB0B580000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b580000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: strncmp
                                                                                                                                                                                  • String ID: , value=$..\s\crypto\x509v3\v3_conf.c$/$ASN1:$DER:$critical,$name=
                                                                                                                                                                                  • API String ID: 1114863663-1429737502
                                                                                                                                                                                  • Opcode ID: 7f2ca93d11da1ca7a80ac0ee73faedd964ac5519fcad5655242ec72a9e8b707f
                                                                                                                                                                                  • Instruction ID: f77501f5c39b1e88c7e7cacbc9fccef59d34b8c78059ac2a23bc8e58db72f780
                                                                                                                                                                                  • Opcode Fuzzy Hash: 7f2ca93d11da1ca7a80ac0ee73faedd964ac5519fcad5655242ec72a9e8b707f
                                                                                                                                                                                  • Instruction Fuzzy Hash: 6A41DEA1B08A8641EB119F36E800F7A6A90AF59BC4F49C034DD5F877F6EE3CE5458B04
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809564483.00007FF6AC3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AC3A0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6ac3a0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                  • String ID: f$f$p$p$f
                                                                                                                                                                                  • API String ID: 3215553584-1325933183
                                                                                                                                                                                  • Opcode ID: 864902cbb2e935f55fbb0b0f358a3d1305b233c90ffe52d12db1516ed6b7c985
                                                                                                                                                                                  • Instruction ID: fef1b8fcd57a68b0c09234e4e43f099411332effc5a71168bd0e284c86177cd3
                                                                                                                                                                                  • Opcode Fuzzy Hash: 864902cbb2e935f55fbb0b0f358a3d1305b233c90ffe52d12db1516ed6b7c985
                                                                                                                                                                                  • Instruction Fuzzy Hash: 1F12C7B2E0ED4786FB209A14E154BBA7691FB80750F84C136E699C7AC6DF7CE584CB40
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • localeconv.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFB0B505C89
                                                                                                                                                                                    • Part of subcall function 00007FFB0B4E74A0: ___lc_codepage_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFB0B4E74B8
                                                                                                                                                                                    • Part of subcall function 00007FFB0B4E74A0: ___mb_cur_max_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFB0B4E74C0
                                                                                                                                                                                    • Part of subcall function 00007FFB0B4E74A0: ___lc_locale_name_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFB0B4E74C9
                                                                                                                                                                                    • Part of subcall function 00007FFB0B4E74A0: __pctype_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFB0B4E74E5
                                                                                                                                                                                  • calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFB0B505D10
                                                                                                                                                                                  • _Maklocstr.LIBCPMT ref: 00007FFB0B505D4F
                                                                                                                                                                                  • _Maklocstr.LIBCPMT ref: 00007FFB0B505D69
                                                                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 00007FFB0B505E3A
                                                                                                                                                                                    • Part of subcall function 00007FFB0B516410: std::bad_alloc::bad_alloc.LIBCMT ref: 00007FFB0B516419
                                                                                                                                                                                    • Part of subcall function 00007FFB0B516410: _CxxThrowException.VCRUNTIME140(?,?,?,?,?,?,?,?,00007FFB0B52CAF9,?,?,00000000,00007FFB0B4EC4D0), ref: 00007FFB0B51642A
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809692579.00007FFB0B4E1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFB0B4E0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b4e0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Maklocstr$Concurrency::cancel_current_taskExceptionThrow___lc_codepage_func___lc_locale_name_func___mb_cur_max_func__pctype_funccalloclocaleconvstd::bad_alloc::bad_alloc
                                                                                                                                                                                  • String ID: ,$false$true
                                                                                                                                                                                  • API String ID: 4163931919-760133229
                                                                                                                                                                                  • Opcode ID: c0f2ef7070c1f49761d02a5703fcc8a9b7b3e5ed5308bd7948f2b64a82fafe73
                                                                                                                                                                                  • Instruction ID: c71a442425bfcf7d9a6db3c45d43c4f1e944c88eeb7ea6b824187121215dfb6c
                                                                                                                                                                                  • Opcode Fuzzy Hash: c0f2ef7070c1f49761d02a5703fcc8a9b7b3e5ed5308bd7948f2b64a82fafe73
                                                                                                                                                                                  • Instruction Fuzzy Hash: C3518F63618B8182D621CB21F4506AEB3B4FB98764F409266EBDF477A9EF3CD145C700
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809852036.00007FFB0B581000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFB0B580000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b580000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ErrorLastsetsockopt
                                                                                                                                                                                  • String ID: ..\s\crypto\bio\b_sock2.c$o
                                                                                                                                                                                  • API String ID: 1729277954-1872632005
                                                                                                                                                                                  • Opcode ID: 55b9dc58d84091389097999520ee8ef412c939128f98883080a21d6a8e2db22d
                                                                                                                                                                                  • Instruction ID: 1646bab664952e5bc30ea0721420d12f0c5e6fb59842848ff3021762dbf0f29a
                                                                                                                                                                                  • Opcode Fuzzy Hash: 55b9dc58d84091389097999520ee8ef412c939128f98883080a21d6a8e2db22d
                                                                                                                                                                                  • Instruction Fuzzy Hash: DA51A3B1A0854296E724DF71E804ABE7760FB84784F448135EA4E87AFADF3DD545DB00
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809692579.00007FFB0B4E1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFB0B4E0000, based on PE: true
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Initstd::ios_base::_$AddstdExceptionThrowsetvbufstd::ios_base::failure::failurestd::locale::_
                                                                                                                                                                                  • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                                                                                                  • API String ID: 692481045-1866435925
                                                                                                                                                                                  • Opcode ID: fd2f3828b474fe88a08b624c1155f3347718e21b58a1bf8b771f14d77974cb8c
                                                                                                                                                                                  • Instruction ID: a4afecedc0d79d5b5cc237ff00d8500f77435c4c20401a821d9384f95a86917a
                                                                                                                                                                                  • Opcode Fuzzy Hash: fd2f3828b474fe88a08b624c1155f3347718e21b58a1bf8b771f14d77974cb8c
                                                                                                                                                                                  • Instruction Fuzzy Hash: 03416E72A14B4686EB548F35D4917AD33B0FB44B88F548131CA4E8B765EF3DE6A4C740
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809852036.00007FFB0B581000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFB0B580000, based on PE: true
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: HandleModule$AddressProc
                                                                                                                                                                                  • String ID: OPENSSL_Applink$OPENSSL_Uplink(%p,%02X): $_ssl.pyd$_ssl_d.pyd
                                                                                                                                                                                  • API String ID: 1883125708-1130596517
                                                                                                                                                                                  • Opcode ID: a59ad196c7dd92c8529259541892207718703ab64594e6dd5a010e556f2476ad
                                                                                                                                                                                  • Instruction ID: 05f20ae8cd0ed36462fcfb98a05223fd0f67c40a56152e7ba5fa44cdfc0d459c
                                                                                                                                                                                  • Opcode Fuzzy Hash: a59ad196c7dd92c8529259541892207718703ab64594e6dd5a010e556f2476ad
                                                                                                                                                                                  • Instruction Fuzzy Hash: 74510BA1D08B8281FA159F34E950E7463A0FF697A4B24D739D96E923B5EF7CB5818300
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809564483.00007FF6AC3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AC3A0000, based on PE: true
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Process_invalid_parameter_noinfo$ByteCharCodeCommandConsoleCreateCtrlExitHandlerInfoLineMultiObjectSingleStartupWaitWide
                                                                                                                                                                                  • String ID: CreateProcessW$Error creating child process!
                                                                                                                                                                                  • API String ID: 2895956056-3524285272
                                                                                                                                                                                  • Opcode ID: 818e29d337d92c80142cd965dc47d4137e35c853672c1fb6e5a7bce6e7f526a1
                                                                                                                                                                                  • Instruction ID: 9ddc5a6a2d2f3e83a1a1b2f17d5f44fd2a97e40bb2c83a48aa92d009e388c874
                                                                                                                                                                                  • Opcode Fuzzy Hash: 818e29d337d92c80142cd965dc47d4137e35c853672c1fb6e5a7bce6e7f526a1
                                                                                                                                                                                  • Instruction Fuzzy Hash: F9413232A09F8286DB209B60F4556AAB3A4FBD5364F400335E6AD87BD6DF7CE4548B40
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809852036.00007FFB0B581000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFB0B580000, based on PE: true
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: strcmpstrncmpstrtoul
                                                                                                                                                                                  • String ID: MASK:$default$nombstr$pkix$utf8only
                                                                                                                                                                                  • API String ID: 1175158921-3483942737
                                                                                                                                                                                  • Opcode ID: 56a8b705b4d859711014d430f94cbbc3222095bc84f144be5c70752352c183a7
                                                                                                                                                                                  • Instruction ID: 3cad5facc54d239e0c42576d3f5d9d9fcdd796703950d95ebf3bfb3902a38bf3
                                                                                                                                                                                  • Opcode Fuzzy Hash: 56a8b705b4d859711014d430f94cbbc3222095bc84f144be5c70752352c183a7
                                                                                                                                                                                  • Instruction Fuzzy Hash: 3E31C9A2B1C98186FB518B38E450BB97760FB85791F849231E65FC36F1DE2CE595C700
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809692579.00007FFB0B4E1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFB0B4E0000, based on PE: true
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ExceptionThrow$std::ios_base::failure::failure
                                                                                                                                                                                  • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809564483.00007FF6AC3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AC3A0000, based on PE: true
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                                                                                                                  • String ID: csm$csm$csm
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809692579.00007FFB0B4E1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFB0B4E0000, based on PE: true
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809852036.00007FFB0B581000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFB0B580000, based on PE: true
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Fiber$Switch$CreateDeletememmove
                                                                                                                                                                                  • String ID: *$..\s\crypto\async\async.c
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809692579.00007FFB0B4E1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFB0B4E0000, based on PE: true
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ExceptionThrowstd::ios_base::failure::failure
                                                                                                                                                                                  • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809692579.00007FFB0B4E1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFB0B4E0000, based on PE: true
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ExceptionThrowstd::ios_base::failure::failure
                                                                                                                                                                                  • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809692579.00007FFB0B4E1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFB0B4E0000, based on PE: true
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ExceptionThrowstd::ios_base::failure::failure
                                                                                                                                                                                  • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                                                                                                  • API String ID: 2003779279-1866435925
                                                                                                                                                                                  • Opcode ID: 8de342f0291e80d733e627eaf939c61c9f2c4bc02dc7a8bd2179287c94fe2617
                                                                                                                                                                                  • Instruction ID: a31cb8ff7841c6c11bd8ab952c5ac708fec872268b2189ee9d288d821333d35c
                                                                                                                                                                                  • Opcode Fuzzy Hash: 8de342f0291e80d733e627eaf939c61c9f2c4bc02dc7a8bd2179287c94fe2617
                                                                                                                                                                                  • Instruction Fuzzy Hash: 7A5172B2A08A0681EF548B28D4A176C6761FB44B98F548235DA2FD37F5DF3DEA85C700
                                                                                                                                                                                  APIs
                                                                                                                                                                                    • Part of subcall function 00007FFB0B4E74A0: ___lc_codepage_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFB0B4E74B8
                                                                                                                                                                                    • Part of subcall function 00007FFB0B4E74A0: ___mb_cur_max_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFB0B4E74C0
                                                                                                                                                                                    • Part of subcall function 00007FFB0B4E74A0: ___lc_locale_name_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFB0B4E74C9
                                                                                                                                                                                    • Part of subcall function 00007FFB0B4E74A0: __pctype_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFB0B4E74E5
                                                                                                                                                                                  • localeconv.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFB0B5058CB
                                                                                                                                                                                  • calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFB0B505903
                                                                                                                                                                                  • _Getvals.LIBCPMT ref: 00007FFB0B50593C
                                                                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 00007FFB0B505A16
                                                                                                                                                                                    • Part of subcall function 00007FFB0B516410: std::bad_alloc::bad_alloc.LIBCMT ref: 00007FFB0B516419
                                                                                                                                                                                    • Part of subcall function 00007FFB0B516410: _CxxThrowException.VCRUNTIME140(?,?,?,?,?,?,?,?,00007FFB0B52CAF9,?,?,00000000,00007FFB0B4EC4D0), ref: 00007FFB0B51642A
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809692579.00007FFB0B4E1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFB0B4E0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b4e0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Concurrency::cancel_current_taskExceptionGetvalsThrow___lc_codepage_func___lc_locale_name_func___mb_cur_max_func__pctype_funccalloclocaleconvstd::bad_alloc::bad_alloc
                                                                                                                                                                                  • String ID: $+xv$$+xv$+v$x+v$xv$+xv+$xv$+x+$vx+$vx$v+x+$vx$+vx+v $+v $v $+v +$v $++$ v+$ v$ v++$ v$+ v+xv$+ v$v$ +v+ $v$ ++x$v+ $v$v ++ $v$ +v
                                                                                                                                                                                  • API String ID: 801482897-3573081731
                                                                                                                                                                                  • Opcode ID: 08f4393cbb9286a77c8465830587d0892ef895849c8ce4b697314d7c6ad679fd
                                                                                                                                                                                  • Instruction ID: 03011441d2e43e7fc10a62be641ffe1c2bc3ba19f3ec67e7c22e662aa5f9f4ad
                                                                                                                                                                                  • Opcode Fuzzy Hash: 08f4393cbb9286a77c8465830587d0892ef895849c8ce4b697314d7c6ad679fd
                                                                                                                                                                                  • Instruction Fuzzy Hash: 2851187261478146EB24CF34E4A093D3BA4FB51FA0B148671CF9A837A6EF39E441CB00
                                                                                                                                                                                  APIs
                                                                                                                                                                                    • Part of subcall function 00007FFB0B4E74A0: ___lc_codepage_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFB0B4E74B8
                                                                                                                                                                                    • Part of subcall function 00007FFB0B4E74A0: ___mb_cur_max_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFB0B4E74C0
                                                                                                                                                                                    • Part of subcall function 00007FFB0B4E74A0: ___lc_locale_name_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFB0B4E74C9
                                                                                                                                                                                    • Part of subcall function 00007FFB0B4E74A0: __pctype_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFB0B4E74E5
                                                                                                                                                                                  • localeconv.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFB0B505723
                                                                                                                                                                                  • calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFB0B50575B
                                                                                                                                                                                  • _Getvals.LIBCPMT ref: 00007FFB0B505794
                                                                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 00007FFB0B50586E
                                                                                                                                                                                    • Part of subcall function 00007FFB0B516410: std::bad_alloc::bad_alloc.LIBCMT ref: 00007FFB0B516419
                                                                                                                                                                                    • Part of subcall function 00007FFB0B516410: _CxxThrowException.VCRUNTIME140(?,?,?,?,?,?,?,?,00007FFB0B52CAF9,?,?,00000000,00007FFB0B4EC4D0), ref: 00007FFB0B51642A
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809692579.00007FFB0B4E1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFB0B4E0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b4e0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Concurrency::cancel_current_taskExceptionGetvalsThrow___lc_codepage_func___lc_locale_name_func___mb_cur_max_func__pctype_funccalloclocaleconvstd::bad_alloc::bad_alloc
                                                                                                                                                                                  • String ID: $+xv$$+xv$+v$x+v$xv$+xv+$xv$+x+$vx+$vx$v+x+$vx$+vx+v $+v $v $+v +$v $++$ v+$ v$ v++$ v$+ v+xv$+ v$v$ +v+ $v$ ++x$v+ $v$v ++ $v$ +v
                                                                                                                                                                                  • API String ID: 801482897-3573081731
                                                                                                                                                                                  • Opcode ID: 9c08d5fc2ba6d1f9c895b19a1ef2ef9da669aab50d1ee5f16d3dedc8da72be6f
                                                                                                                                                                                  • Instruction ID: 0fc18bad0bc1aabe22b2dbe0483382e9883d9fd65880ccd351b47871e4ec19a6
                                                                                                                                                                                  • Opcode Fuzzy Hash: 9c08d5fc2ba6d1f9c895b19a1ef2ef9da669aab50d1ee5f16d3dedc8da72be6f
                                                                                                                                                                                  • Instruction Fuzzy Hash: 7D511B72A1878186EB64CF30D4A087D7BA4FB55F90B148275CF9A837A2EF78E445CB00
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • FreeLibrary.KERNEL32(?,00000000,?,00007FF6AC3BE152,?,?,000002407BB45C88,00007FF6AC3BA223,?,?,?,00007FF6AC3BA11A,?,?,?,00007FF6AC3B5472), ref: 00007FF6AC3BDF34
                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00000000,?,00007FF6AC3BE152,?,?,000002407BB45C88,00007FF6AC3BA223,?,?,?,00007FF6AC3BA11A,?,?,?,00007FF6AC3B5472), ref: 00007FF6AC3BDF40
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809564483.00007FF6AC3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AC3A0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6ac3a0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: AddressFreeLibraryProc
                                                                                                                                                                                  • String ID: api-ms-$ext-ms-
                                                                                                                                                                                  • API String ID: 3013587201-537541572
                                                                                                                                                                                  • Opcode ID: 01869d8b0b1ae08ce046380e8c955ca032c286979885a37836ee5a28d8bde6d1
                                                                                                                                                                                  • Instruction ID: a2c8a387c5e029e0a415b1b7b9f4636a5804c4f40e542464e4f5c254eb1661a2
                                                                                                                                                                                  • Opcode Fuzzy Hash: 01869d8b0b1ae08ce046380e8c955ca032c286979885a37836ee5a28d8bde6d1
                                                                                                                                                                                  • Instruction Fuzzy Hash: E541D021B1BE1281FA56CB16A800DB92392BF55BE0F494535ED0EDF789EE3CE8498244
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF6AC3A101D), ref: 00007FF6AC3A769F
                                                                                                                                                                                  • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF6AC3A101D), ref: 00007FF6AC3A76EF
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809564483.00007FF6AC3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AC3A0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6ac3a0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ByteCharMultiWide
                                                                                                                                                                                  • String ID: Failed to encode wchar_t as UTF-8.$Failed to get UTF-8 buffer size.$Out of memory.$WideCharToMultiByte$win32_utils_to_utf8
                                                                                                                                                                                  • API String ID: 626452242-27947307
                                                                                                                                                                                  • Opcode ID: 43851299e65b878553ee9477cdfb9aa8b38a7a1e3001ba9c1eb6bb9cebf00e3a
                                                                                                                                                                                  • Instruction ID: cec314e5f2c470d3e6be5502d6ae65b55f9e0fe0718e16a1140b32dc9b240b86
                                                                                                                                                                                  • Opcode Fuzzy Hash: 43851299e65b878553ee9477cdfb9aa8b38a7a1e3001ba9c1eb6bb9cebf00e3a
                                                                                                                                                                                  • Instruction Fuzzy Hash: 74417132A0EF82C1DA20CF15B4805BAB7A5FB85790F584135DA8D87BA5DF3DE465C700
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809692579.00007FFB0B4E1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFB0B4E0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b4e0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Initstd::ios_base::_$AddstdExceptionThrowstd::ios_base::failure::failurestd::locale::_
                                                                                                                                                                                  • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                                                                                                  • API String ID: 792165947-1866435925
                                                                                                                                                                                  • Opcode ID: 5a961f8f7a396de3a89a0a91937ff84da1abf775fff624eb7f976a44ec027974
                                                                                                                                                                                  • Instruction ID: 76c81ed0622f17f24d2ffdbe8d68e82b77f0a22ad1daa7206686ddb095578941
                                                                                                                                                                                  • Opcode Fuzzy Hash: 5a961f8f7a396de3a89a0a91937ff84da1abf775fff624eb7f976a44ec027974
                                                                                                                                                                                  • Instruction Fuzzy Hash: 3F21E5A2A08A46A2EA548B35D5617BD2760FF44B84F448031D75F8BBB6DF3CF691C300
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • WideCharToMultiByte.KERNEL32(?,00007FF6AC3A3699), ref: 00007FF6AC3A7B81
                                                                                                                                                                                    • Part of subcall function 00007FF6AC3A2620: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF6AC3A7744,?,?,?,?,?,?,?,?,?,?,?,00007FF6AC3A101D), ref: 00007FF6AC3A2654
                                                                                                                                                                                    • Part of subcall function 00007FF6AC3A2620: MessageBoxW.USER32 ref: 00007FF6AC3A272C
                                                                                                                                                                                  • WideCharToMultiByte.KERNEL32(?,00007FF6AC3A3699), ref: 00007FF6AC3A7BF5
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809564483.00007FF6AC3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AC3A0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6ac3a0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ByteCharMultiWide$ErrorLastMessage
                                                                                                                                                                                  • String ID: Failed to encode wchar_t as UTF-8.$Failed to get UTF-8 buffer size.$Out of memory.$WideCharToMultiByte$win32_utils_to_utf8
                                                                                                                                                                                  • API String ID: 3723044601-27947307
                                                                                                                                                                                  • Opcode ID: aced5f46d53ba3e30c592e5434d0d7ab1f54160dd14b943fd141642a19c75b6b
                                                                                                                                                                                  • Instruction ID: 09b6147ed61dde5a3981f42e1e3dde4ae737f520caca99bb9cf4a5f620e45734
                                                                                                                                                                                  • Opcode Fuzzy Hash: aced5f46d53ba3e30c592e5434d0d7ab1f54160dd14b943fd141642a19c75b6b
                                                                                                                                                                                  • Instruction Fuzzy Hash: 9B218971A0EF4295EB10DF26E88087977A1EB85B80F584535CA4DC37A5EFBEE565C300
                                                                                                                                                                                  APIs
                                                                                                                                                                                    • Part of subcall function 00007FFB0B4E74A0: ___lc_codepage_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFB0B4E74B8
                                                                                                                                                                                    • Part of subcall function 00007FFB0B4E74A0: ___mb_cur_max_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFB0B4E74C0
                                                                                                                                                                                    • Part of subcall function 00007FFB0B4E74A0: ___lc_locale_name_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFB0B4E74C9
                                                                                                                                                                                    • Part of subcall function 00007FFB0B4E74A0: __pctype_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFB0B4E74E5
                                                                                                                                                                                  • _W_Getdays.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FFB0B4FC3EE
                                                                                                                                                                                  • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFB0B4FC40B
                                                                                                                                                                                  • _W_Getmonths.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FFB0B4FC42B
                                                                                                                                                                                  • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFB0B4FC448
                                                                                                                                                                                    • Part of subcall function 00007FFB0B4EB710: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFB0B4FC445), ref: 00007FFB0B4EB739
                                                                                                                                                                                    • Part of subcall function 00007FFB0B4EB710: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFB0B4FC445), ref: 00007FFB0B4EB768
                                                                                                                                                                                    • Part of subcall function 00007FFB0B4EB710: memmove.VCRUNTIME140(?,?,00000000,00007FFB0B4FC445), ref: 00007FFB0B4EB77F
                                                                                                                                                                                  Strings
                                                                                                                                                                                  • :AM:am:PM:pm, xrefs: 00007FFB0B4FC464
                                                                                                                                                                                  • :Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday, xrefs: 00007FFB0B4FC416
                                                                                                                                                                                  • :Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:Dece, xrefs: 00007FFB0B4FC453
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809692579.00007FFB0B4E1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFB0B4E0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b4e0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: free$GetdaysGetmonths___lc_codepage_func___lc_locale_name_func___mb_cur_max_func__pctype_funcmallocmemmove
                                                                                                                                                                                  • String ID: :AM:am:PM:pm$:Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:Dece$:Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday
                                                                                                                                                                                  • API String ID: 2607222871-3743323925
                                                                                                                                                                                  • Opcode ID: 29a469ce97e9e63c9afcb1297cf3119d81ee8217b80f69d292bc9982e8b506e4
                                                                                                                                                                                  • Instruction ID: 7fb75b2099c6dde13c89835d2b8c564fa584fd8d21722197b22fccad3c6b8e50
                                                                                                                                                                                  • Opcode Fuzzy Hash: 29a469ce97e9e63c9afcb1297cf3119d81ee8217b80f69d292bc9982e8b506e4
                                                                                                                                                                                  • Instruction Fuzzy Hash: F5213D62908B4282EB11DB31E4646797370FB48B94F448274DA8F83766EF3CE584C740
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809852036.00007FFB0B61D000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFB0B580000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b580000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: memsetstrncpy
                                                                                                                                                                                  • String ID: , failure codes: $, status text: $..\s\crypto\ts\ts_rsp_verify.c$status code: $unknown code$unspecified
                                                                                                                                                                                  • API String ID: 388311670-2553778726
                                                                                                                                                                                  • Opcode ID: 8efed3f49020b7e35a606fe8d8346b68ad389944bb95c65f90aac90b95e58e99
                                                                                                                                                                                  • Instruction ID: 22b7a3dfea457881222f20cbd8625cd2ada5c8239ee7fb836bcb8e2555926f5b
                                                                                                                                                                                  • Opcode Fuzzy Hash: 8efed3f49020b7e35a606fe8d8346b68ad389944bb95c65f90aac90b95e58e99
                                                                                                                                                                                  • Instruction Fuzzy Hash: 7281AFB1A0C68685EB11DB31E464BB9A7A0FB89B84F848035DA4FD77B2DF3DE5458700
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809692579.00007FFB0B4E1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFB0B4E0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b4e0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: CurrentThread$Xtime_diff_to_millis2xtime_get
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3218647749-0
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809564483.00007FF6AC3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AC3A0000, based on PE: true
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                  • String ID: f$p$p
                                                                                                                                                                                  • API String ID: 3215553584-1995029353
                                                                                                                                                                                  APIs
                                                                                                                                                                                    • Part of subcall function 00007FFB0B4E74A0: ___lc_codepage_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFB0B4E74B8
                                                                                                                                                                                    • Part of subcall function 00007FFB0B4E74A0: ___mb_cur_max_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFB0B4E74C0
                                                                                                                                                                                    • Part of subcall function 00007FFB0B4E74A0: ___lc_locale_name_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFB0B4E74C9
                                                                                                                                                                                    • Part of subcall function 00007FFB0B4E74A0: __pctype_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFB0B4E74E5
                                                                                                                                                                                  • localeconv.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFB0B51291B
                                                                                                                                                                                  • calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFB0B512953
                                                                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 00007FFB0B512A66
                                                                                                                                                                                    • Part of subcall function 00007FFB0B516410: std::bad_alloc::bad_alloc.LIBCMT ref: 00007FFB0B516419
                                                                                                                                                                                    • Part of subcall function 00007FFB0B516410: _CxxThrowException.VCRUNTIME140(?,?,?,?,?,?,?,?,00007FFB0B52CAF9,?,?,00000000,00007FFB0B4EC4D0), ref: 00007FFB0B51642A
                                                                                                                                                                                    • Part of subcall function 00007FFB0B50FD2C: _Getdays.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FFB0B50FD76
                                                                                                                                                                                    • Part of subcall function 00007FFB0B50FD2C: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFB0B50FD93
                                                                                                                                                                                    • Part of subcall function 00007FFB0B50FD2C: calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFB0B50FDC9
                                                                                                                                                                                    • Part of subcall function 00007FFB0B50FD2C: _Getmonths.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FFB0B50FDF4
                                                                                                                                                                                    • Part of subcall function 00007FFB0B50FD2C: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFB0B50FE11
                                                                                                                                                                                    • Part of subcall function 00007FFB0B50FD2C: calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFB0B50FE3A
                                                                                                                                                                                    • Part of subcall function 00007FFB0B50FD2C: calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFB0B50FE72
                                                                                                                                                                                    • Part of subcall function 00007FFB0B50F930: ___lc_locale_name_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFB0B50F93B
                                                                                                                                                                                    • Part of subcall function 00007FFB0B50F930: __crtGetLocaleInfoEx.LIBCPMT ref: 00007FFB0B50F955
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809692579.00007FFB0B4E1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFB0B4E0000, based on PE: true
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: calloc$___lc_locale_name_funcfree$Concurrency::cancel_current_taskExceptionGetdaysGetmonthsInfoLocaleThrow___lc_codepage_func___mb_cur_max_func__crt__pctype_funclocaleconvstd::bad_alloc::bad_alloc
                                                                                                                                                                                  • String ID: $+xv$$+xv$+v$x+v$xv$+xv+$xv$+x+$vx+$vx$v+x+$vx$+vx+v $+v $v $+v +$v $++$ v+$ v$ v++$ v$+ v+xv$+ v$v$ +v+ $v$ ++x$v+ $v$v ++ $v$ +v
                                                                                                                                                                                  • API String ID: 3654265320-3573081731
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809852036.00007FFB0B581000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFB0B580000, based on PE: true
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: strchr$memmove
                                                                                                                                                                                  • String ID: characters$ to $..\s\crypto\ui\ui_lib.c$You must type in
                                                                                                                                                                                  • API String ID: 1080442166-3422546668
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • memmove.VCRUNTIME140(?,?,?,?,?,?,?,00007FFB0B4F2A30,?,?,00000000,00007FFB0B4F5826), ref: 00007FFB0B4F2418
                                                                                                                                                                                  • memset.VCRUNTIME140(?,?,?,?,?,?,?,00007FFB0B4F2A30,?,?,00000000,00007FFB0B4F5826), ref: 00007FFB0B4F2426
                                                                                                                                                                                  • memmove.VCRUNTIME140(?,?,?,?,?,?,?,00007FFB0B4F2A30,?,?,00000000,00007FFB0B4F5826), ref: 00007FFB0B4F2438
                                                                                                                                                                                  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,00007FFB0B4F2A30,?,?,00000000,00007FFB0B4F5826), ref: 00007FFB0B4F246C
                                                                                                                                                                                  • memmove.VCRUNTIME140(?,?,?,?,?,?,?,00007FFB0B4F2A30,?,?,00000000,00007FFB0B4F5826), ref: 00007FFB0B4F2476
                                                                                                                                                                                  • memset.VCRUNTIME140(?,?,?,?,?,?,?,00007FFB0B4F2A30,?,?,00000000,00007FFB0B4F5826), ref: 00007FFB0B4F2484
                                                                                                                                                                                  • memmove.VCRUNTIME140(?,?,?,?,?,?,?,00007FFB0B4F2A30,?,?,00000000,00007FFB0B4F5826), ref: 00007FFB0B4F2494
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809692579.00007FFB0B4E1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFB0B4E0000, based on PE: true
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: memmove$memset$_invalid_parameter_noinfo_noreturn
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3802980928-0
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809852036.00007FFB0B581000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFB0B580000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b580000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: _stricmpstrchrstrncmp
                                                                                                                                                                                  • String ID: ..\s\crypto\store\store_lib.c$T$file
                                                                                                                                                                                  • API String ID: 3017659097-909561481
                                                                                                                                                                                  • Opcode ID: 0c7362976ff57c6aae3128b5906abf98a92d73445f6606c96b6f18c90bbe9dc3
                                                                                                                                                                                  • Instruction ID: 608681ac788d6219882d26400f0f8c6552e4f3dc605be5339d35a4c70352e66b
                                                                                                                                                                                  • Opcode Fuzzy Hash: 0c7362976ff57c6aae3128b5906abf98a92d73445f6606c96b6f18c90bbe9dc3
                                                                                                                                                                                  • Instruction Fuzzy Hash: 5A4191B2A19B4686EA119F22E854DAA77A0FB88B84F44C035DE4E97775EF3CE505C700
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809564483.00007FF6AC3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AC3A0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6ac3a0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ByteCharMultiWide
                                                                                                                                                                                  • String ID: Failed to decode wchar_t from UTF-8$Failed to get wchar_t buffer size.$MultiByteToWideChar$Out of memory.$win32_utils_from_utf8
                                                                                                                                                                                  • API String ID: 626452242-876015163
                                                                                                                                                                                  • Opcode ID: b7b82ea576924ca1617b662870f2c7e243fa9a5b0eddeb3ea6719f1292c4487d
                                                                                                                                                                                  • Instruction ID: 6b90dca026e40d7ca9bf7a51be283407d114149c859c3459978fb5fed42252eb
                                                                                                                                                                                  • Opcode Fuzzy Hash: b7b82ea576924ca1617b662870f2c7e243fa9a5b0eddeb3ea6719f1292c4487d
                                                                                                                                                                                  • Instruction Fuzzy Hash: A841B332A0EF42C2EA20DF15B4809B9B7A5FB85790F144135DA4D87BA5EF3DE426C700
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809852036.00007FFB0B581000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFB0B580000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b580000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: EnvironmentVariable
                                                                                                                                                                                  • String ID: OPENSSL_ia32cap$~$~$~$~
                                                                                                                                                                                  • API String ID: 1431749950-1981414212
                                                                                                                                                                                  • Opcode ID: 2634814bda47d7719d861af1cfec94a442d099e0f6a35619a322e4b16ada4e8f
                                                                                                                                                                                  • Instruction ID: 9fe659ae6b8924b7afa222e7de55cc6270a1d8b2aaec8275b52ce70800fdb658
                                                                                                                                                                                  • Opcode Fuzzy Hash: 2634814bda47d7719d861af1cfec94a442d099e0f6a35619a322e4b16ada4e8f
                                                                                                                                                                                  • Instruction Fuzzy Hash: 0E416CA5E0865386FB109B21E840DB862A0EB44780F44D279EA5FD77F4EFBCA885C750
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • LoadLibraryExW.KERNEL32(?,?,?,00007FF6AC3AD19A,?,?,?,00007FF6AC3ACE8C,?,?,00000001,00007FF6AC3ACAA9), ref: 00007FF6AC3ACF6D
                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,00007FF6AC3AD19A,?,?,?,00007FF6AC3ACE8C,?,?,00000001,00007FF6AC3ACAA9), ref: 00007FF6AC3ACF7B
                                                                                                                                                                                  • LoadLibraryExW.KERNEL32(?,?,?,00007FF6AC3AD19A,?,?,?,00007FF6AC3ACE8C,?,?,00000001,00007FF6AC3ACAA9), ref: 00007FF6AC3ACFA5
                                                                                                                                                                                  • FreeLibrary.KERNEL32(?,?,?,00007FF6AC3AD19A,?,?,?,00007FF6AC3ACE8C,?,?,00000001,00007FF6AC3ACAA9), ref: 00007FF6AC3ACFEB
                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,?,?,00007FF6AC3AD19A,?,?,?,00007FF6AC3ACE8C,?,?,00000001,00007FF6AC3ACAA9), ref: 00007FF6AC3ACFF7
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809564483.00007FF6AC3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AC3A0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6ac3a0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                                                                                  • String ID: api-ms-
                                                                                                                                                                                  • API String ID: 2559590344-2084034818
                                                                                                                                                                                  • Opcode ID: 46f8882ba5516ded8d0f67aa9085a497a0d646e74245b223b6bb25c85e55adca
                                                                                                                                                                                  • Instruction ID: 6428c346872a8a2ab88c419ec798be2bd94699ff0abf75efeec79f5362f83910
                                                                                                                                                                                  • Opcode Fuzzy Hash: 46f8882ba5516ded8d0f67aa9085a497a0d646e74245b223b6bb25c85e55adca
                                                                                                                                                                                  • Instruction Fuzzy Hash: 1C31C221B1FE5295EE52DF02A400DB963D4FF88BA4F594635ED1E9A380DF3EE4558700
                                                                                                                                                                                  APIs
                                                                                                                                                                                    • Part of subcall function 00007FF6AC3A7A30: MultiByteToWideChar.KERNEL32 ref: 00007FF6AC3A7A6A
                                                                                                                                                                                  • ExpandEnvironmentStringsW.KERNEL32(00000000,00007FF6AC3A67CF,?,00000000,?,TokenIntegrityLevel), ref: 00007FF6AC3A64DF
                                                                                                                                                                                    • Part of subcall function 00007FF6AC3A2770: MessageBoxW.USER32 ref: 00007FF6AC3A2841
                                                                                                                                                                                  Strings
                                                                                                                                                                                  • LOADER: Failed to convert runtime-tmpdir to a wide string., xrefs: 00007FF6AC3A64B6
                                                                                                                                                                                  • LOADER: Failed to obtain the absolute path of the runtime-tmpdir., xrefs: 00007FF6AC3A653A
                                                                                                                                                                                  • LOADER: Failed to expand environment variables in the runtime-tmpdir., xrefs: 00007FF6AC3A64F3
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809564483.00007FF6AC3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AC3A0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6ac3a0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ByteCharEnvironmentExpandMessageMultiStringsWide
                                                                                                                                                                                  • String ID: LOADER: Failed to convert runtime-tmpdir to a wide string.$LOADER: Failed to expand environment variables in the runtime-tmpdir.$LOADER: Failed to obtain the absolute path of the runtime-tmpdir.
                                                                                                                                                                                  • API String ID: 1662231829-3498232454
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809852036.00007FFB0B581000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFB0B580000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b580000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: _chmod_stat64i32fclosefwrite
                                                                                                                                                                                  • String ID: ..\s\crypto\rand\randfile.c$Filename=
                                                                                                                                                                                  • API String ID: 4260490851-2201148535
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32 ref: 00007FF6AC3A7A6A
                                                                                                                                                                                    • Part of subcall function 00007FF6AC3A2620: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF6AC3A7744,?,?,?,?,?,?,?,?,?,?,?,00007FF6AC3A101D), ref: 00007FF6AC3A2654
                                                                                                                                                                                    • Part of subcall function 00007FF6AC3A2620: MessageBoxW.USER32 ref: 00007FF6AC3A272C
                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32 ref: 00007FF6AC3A7AF0
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809564483.00007FF6AC3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AC3A0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6ac3a0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ByteCharMultiWide$ErrorLastMessage
                                                                                                                                                                                  • String ID: Failed to decode wchar_t from UTF-8$Failed to get wchar_t buffer size.$MultiByteToWideChar$Out of memory.$win32_utils_from_utf8
                                                                                                                                                                                  • API String ID: 3723044601-876015163
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,00007FF6AC3C2433,?,?,?,00007FF6AC3BCB8C,?,?,00000000,00007FF6AC3B3A5F,?,?,?,00007FF6AC3B9313), ref: 00007FF6AC3BA62F
                                                                                                                                                                                  • FlsGetValue.KERNEL32(?,?,?,00007FF6AC3C2433,?,?,?,00007FF6AC3BCB8C,?,?,00000000,00007FF6AC3B3A5F,?,?,?,00007FF6AC3B9313), ref: 00007FF6AC3BA644
                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF6AC3C2433,?,?,?,00007FF6AC3BCB8C,?,?,00000000,00007FF6AC3B3A5F,?,?,?,00007FF6AC3B9313), ref: 00007FF6AC3BA665
                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF6AC3C2433,?,?,?,00007FF6AC3BCB8C,?,?,00000000,00007FF6AC3B3A5F,?,?,?,00007FF6AC3B9313), ref: 00007FF6AC3BA692
                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF6AC3C2433,?,?,?,00007FF6AC3BCB8C,?,?,00000000,00007FF6AC3B3A5F,?,?,?,00007FF6AC3B9313), ref: 00007FF6AC3BA6A3
                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF6AC3C2433,?,?,?,00007FF6AC3BCB8C,?,?,00000000,00007FF6AC3B3A5F,?,?,?,00007FF6AC3B9313), ref: 00007FF6AC3BA6B4
                                                                                                                                                                                  • SetLastError.KERNEL32(?,?,?,00007FF6AC3C2433,?,?,?,00007FF6AC3BCB8C,?,?,00000000,00007FF6AC3B3A5F,?,?,?,00007FF6AC3B9313), ref: 00007FF6AC3BA6CF
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809564483.00007FF6AC3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AC3A0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6ac3a0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Value$ErrorLast
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2506987500-0
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2812746719.00007FFB1BA41000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFB1BA40000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb1ba40000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Size$Arg_BuildDeallocKeywords_Method_ParseTupleValue_
                                                                                                                                                                                  • String ID: (OOOO)$|OOO
                                                                                                                                                                                  • API String ID: 1859027967-2767428988
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809564483.00007FF6AC3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AC3A0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6ac3a0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                                                                                  • String ID: CONOUT$
                                                                                                                                                                                  • API String ID: 3230265001-3130406586
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809692579.00007FFB0B4E1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFB0B4E0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b4e0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: fgetc
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2807381905-0
                                                                                                                                                                                  • Opcode ID: 37ef44d73613fa637cd5931db9e282469f942bc8d6bbf53949da0148d4e9ee1e
                                                                                                                                                                                  • Instruction ID: a870ff8ef113475f04fb4b65f411106c6521a12767e5392c94e779305d93f09e
                                                                                                                                                                                  • Opcode Fuzzy Hash: 37ef44d73613fa637cd5931db9e282469f942bc8d6bbf53949da0148d4e9ee1e
                                                                                                                                                                                  • Instruction Fuzzy Hash: 9B8151B3605A41C8EB508F35D4907AC37A1FB44B98F519232EA5F877A9DF39D644C300
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809852036.00007FFB0B581000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFB0B580000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b580000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: strncmp
                                                                                                                                                                                  • String ID: ASN1:$DER:$critical,
                                                                                                                                                                                  • API String ID: 1114863663-369496153
                                                                                                                                                                                  • Opcode ID: d8eae108aa50e8ee9f405d161ab28d2f521657fe406e3845ac9384fbb0e87803
                                                                                                                                                                                  • Instruction ID: d2872a8e071ece06171d0cdcad51378d36ef5e3f179cc3ee156ec09f7f8c7f13
                                                                                                                                                                                  • Opcode Fuzzy Hash: d8eae108aa50e8ee9f405d161ab28d2f521657fe406e3845ac9384fbb0e87803
                                                                                                                                                                                  • Instruction Fuzzy Hash: 1241BEE1B0869601FB109B36E950F3A66A1AB18BD4F04C034DD6F97BF5EE3CE4458B44
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809852036.00007FFB0B581000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFB0B580000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b580000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: strncmp
                                                                                                                                                                                  • String ID: ASN1:$DER:$critical,
                                                                                                                                                                                  • API String ID: 1114863663-369496153
                                                                                                                                                                                  • Opcode ID: 5f78d842faca65497d7e082e34e1eaa76c99826f4a218ee81ef128562e321c64
                                                                                                                                                                                  • Instruction ID: 82bed4a6414a43f3db7ba497f2bd8109f5fd441c06b3e9932438fa4323e88e71
                                                                                                                                                                                  • Opcode Fuzzy Hash: 5f78d842faca65497d7e082e34e1eaa76c99826f4a218ee81ef128562e321c64
                                                                                                                                                                                  • Instruction Fuzzy Hash: 4241DEA2A08A8641FB109B36E800FBA7690AB18BD4F48D134DE5F97BF5DE3CD5458B04
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809692579.00007FFB0B4E1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFB0B4E0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b4e0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Xp_movxXp_mulx$Xp_setw_errnoldexpmemmove
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1646541708-0
                                                                                                                                                                                  • Opcode ID: 45cdee77e7545dfb4ac0ef30fcf84e3151481f7f1e52e181642e42e439e35c8f
                                                                                                                                                                                  • Instruction ID: ff1605d95990794880b3cfc284fa4c5f30faa9c2ffdc41f5e260e7479f813d47
                                                                                                                                                                                  • Opcode Fuzzy Hash: 45cdee77e7545dfb4ac0ef30fcf84e3151481f7f1e52e181642e42e439e35c8f
                                                                                                                                                                                  • Instruction Fuzzy Hash: 074190A2F08A0289F7119B75E051ABD2360BF44784F51C231DE6FA77B5DF3CA7468200
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809692579.00007FFB0B4E1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFB0B4E0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b4e0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Xp_movxXp_mulx$Xp_setw_errnoldexpmemmove
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1646541708-0
                                                                                                                                                                                  • Opcode ID: fbe8a88868b665d4309cbe054d2a8286b12580c86b6c0d59b7eba0ca7af31215
                                                                                                                                                                                  • Instruction ID: e1c816fcdb93bd9fd8bbf03743b59a80aa5250bba3087c82e0099ae6ae7e9691
                                                                                                                                                                                  • Opcode Fuzzy Hash: fbe8a88868b665d4309cbe054d2a8286b12580c86b6c0d59b7eba0ca7af31215
                                                                                                                                                                                  • Instruction Fuzzy Hash: F941BFA2F08A0289F3129F75D451ABD2364BF44744F41C275DA6FA73B6DF7CA7068200
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809692579.00007FFB0B4E1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFB0B4E0000, based on PE: true
                                                                                                                                                                                  • Associated: 00000002.00000002.2809677567.00007FFB0B4E0000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                  • Associated: 00000002.00000002.2809724595.00007FFB0B532000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                  • Associated: 00000002.00000002.2809753905.00007FFB0B56F000.00000004.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                  • Associated: 00000002.00000002.2809768680.00007FFB0B570000.00000008.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                  • Associated: 00000002.00000002.2809782894.00007FFB0B571000.00000004.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                  • Associated: 00000002.00000002.2809805512.00007FFB0B573000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                  • Associated: 00000002.00000002.2809805512.00007FFB0B579000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b4e0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Xp_movxXp_mulx$Xp_setw_errnoldexpmemmove
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1646541708-0
                                                                                                                                                                                  • Opcode ID: 46f50b73c82e49e8af2879a4f3962c67271bb0fc27e978c102ab5c68021049db
                                                                                                                                                                                  • Instruction ID: 68c76dc12b8a2bdc51e78ded4a9ea6f6ee14183183703dfe3950033eed8369db
                                                                                                                                                                                  • Opcode Fuzzy Hash: 46f50b73c82e49e8af2879a4f3962c67271bb0fc27e978c102ab5c68021049db
                                                                                                                                                                                  • Instruction Fuzzy Hash: A541D7A2A0CA4196E2139F39D412DBE6360BF84B40F54C571EA9F937B6DF3CE7058604
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809692579.00007FFB0B4E1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFB0B4E0000, based on PE: true
                                                                                                                                                                                  • Associated: 00000002.00000002.2809677567.00007FFB0B4E0000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                  • Associated: 00000002.00000002.2809724595.00007FFB0B532000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                  • Associated: 00000002.00000002.2809753905.00007FFB0B56F000.00000004.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                  • Associated: 00000002.00000002.2809768680.00007FFB0B570000.00000008.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                  • Associated: 00000002.00000002.2809782894.00007FFB0B571000.00000004.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                  • Associated: 00000002.00000002.2809805512.00007FFB0B573000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                  • Associated: 00000002.00000002.2809805512.00007FFB0B579000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b4e0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: __acrt_iob_funccalloc$Mtx_unlock_beginthreadexabortfputcfputs
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3995598257-0
                                                                                                                                                                                  • Opcode ID: 6ad6c8eed9cc5b4294a11b96ced4649fbf6b7dbd8c716d51d6e433a25b8b480f
                                                                                                                                                                                  • Instruction ID: 155f8b610f9351e32d22e37c0da3039c246859deba52bc305e7d78013baf2aeb
                                                                                                                                                                                  • Opcode Fuzzy Hash: 6ad6c8eed9cc5b4294a11b96ced4649fbf6b7dbd8c716d51d6e433a25b8b480f
                                                                                                                                                                                  • Instruction Fuzzy Hash: F62123A2A14A5289E740AF71D855AFD3364FF44B98F045035FE0F87BAADE38D685C740
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809692579.00007FFB0B4E1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFB0B4E0000, based on PE: true
                                                                                                                                                                                  • Associated: 00000002.00000002.2809677567.00007FFB0B4E0000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                  • Associated: 00000002.00000002.2809724595.00007FFB0B532000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                  • Associated: 00000002.00000002.2809753905.00007FFB0B56F000.00000004.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                  • Associated: 00000002.00000002.2809768680.00007FFB0B570000.00000008.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                  • Associated: 00000002.00000002.2809782894.00007FFB0B571000.00000004.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                  • Associated: 00000002.00000002.2809805512.00007FFB0B573000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                  • Associated: 00000002.00000002.2809805512.00007FFB0B579000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b4e0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Once$ExecuteInit__crtterminate$ErrorExceptionLastSystem_errorSystem_error::_Throw_invalid_parameter_noinfo_noreturnstd::_
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3077141932-0
                                                                                                                                                                                  • Opcode ID: 292ba9b08f1b456e8eb1e10f3c91b04e86b57f13cec82466bb27a72e0fb057f3
                                                                                                                                                                                  • Instruction ID: 7f2a36b4905a209bcd01eb9c6c8e202203f74f26d124bd845824c1265c0b5491
                                                                                                                                                                                  • Opcode Fuzzy Hash: 292ba9b08f1b456e8eb1e10f3c91b04e86b57f13cec82466bb27a72e0fb057f3
                                                                                                                                                                                  • Instruction Fuzzy Hash: 3721D5A1A08A4381FB109B34F4208A96360FF95B94F50D671EA8ED76B6EF3CD601C700
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809692579.00007FFB0B4E1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFB0B4E0000, based on PE: true
                                                                                                                                                                                  • Associated: 00000002.00000002.2809677567.00007FFB0B4E0000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                  • Associated: 00000002.00000002.2809724595.00007FFB0B532000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                  • Associated: 00000002.00000002.2809753905.00007FFB0B56F000.00000004.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                  • Associated: 00000002.00000002.2809768680.00007FFB0B570000.00000008.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                  • Associated: 00000002.00000002.2809782894.00007FFB0B571000.00000004.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                  • Associated: 00000002.00000002.2809805512.00007FFB0B573000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                  • Associated: 00000002.00000002.2809805512.00007FFB0B579000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b4e0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ExceptionThrow__std_exception_copy$std::invalid_argument::invalid_argument$std::regex_error::regex_error
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2225372811-0
                                                                                                                                                                                  • Opcode ID: 579caac49531870bd7b2df6b8c7ac96cef54dbc44b83102e448678832d7dfad5
                                                                                                                                                                                  • Instruction ID: 970a1885c8f8b562faf9e571a67b07185fc7a2717ddcec71f7665ce718702391
                                                                                                                                                                                  • Opcode Fuzzy Hash: 579caac49531870bd7b2df6b8c7ac96cef54dbc44b83102e448678832d7dfad5
                                                                                                                                                                                  • Instruction Fuzzy Hash: 2BF036A2A1C54295D914E734D4758EA7330FB95348F9085B2E29F869B7DF6CD709C700
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,00007FF6AC3B444D,?,?,?,?,00007FF6AC3BDDA7,?,?,00000000,00007FF6AC3BA8B6,?,?,?), ref: 00007FF6AC3BA7A7
                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF6AC3B444D,?,?,?,?,00007FF6AC3BDDA7,?,?,00000000,00007FF6AC3BA8B6,?,?,?), ref: 00007FF6AC3BA7DD
                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF6AC3B444D,?,?,?,?,00007FF6AC3BDDA7,?,?,00000000,00007FF6AC3BA8B6,?,?,?), ref: 00007FF6AC3BA80A
                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF6AC3B444D,?,?,?,?,00007FF6AC3BDDA7,?,?,00000000,00007FF6AC3BA8B6,?,?,?), ref: 00007FF6AC3BA81B
                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF6AC3B444D,?,?,?,?,00007FF6AC3BDDA7,?,?,00000000,00007FF6AC3BA8B6,?,?,?), ref: 00007FF6AC3BA82C
                                                                                                                                                                                  • SetLastError.KERNEL32(?,?,?,00007FF6AC3B444D,?,?,?,?,00007FF6AC3BDDA7,?,?,00000000,00007FF6AC3BA8B6,?,?,?), ref: 00007FF6AC3BA847
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809564483.00007FF6AC3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AC3A0000, based on PE: true
                                                                                                                                                                                  • Associated: 00000002.00000002.2809537100.00007FF6AC3A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000002.00000002.2809584515.00007FF6AC3CA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000002.00000002.2809605761.00007FF6AC3DD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000002.00000002.2809605761.00007FF6AC3E0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000002.00000002.2809605761.00007FF6AC3EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000002.00000002.2809661489.00007FF6AC3EE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6ac3a0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Value$ErrorLast
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2506987500-0
                                                                                                                                                                                  • Opcode ID: 56467da9cbf0f7ea7726befb455c23c7da3468b21c05826552355134373c4563
                                                                                                                                                                                  • Instruction ID: 65b7825fc949498dc4084a21acd29876e42f4a1a09e341cc0e82059c6a9605c8
                                                                                                                                                                                  • Opcode Fuzzy Hash: 56467da9cbf0f7ea7726befb455c23c7da3468b21c05826552355134373c4563
                                                                                                                                                                                  • Instruction Fuzzy Hash: 61119020F0FE5242FA5497259A4293D61929F88BB0F144734E83EEBAC7DE2CF4028351
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809692579.00007FFB0B4E1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFB0B4E0000, based on PE: true
                                                                                                                                                                                  • Associated: 00000002.00000002.2809677567.00007FFB0B4E0000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                  • Associated: 00000002.00000002.2809724595.00007FFB0B532000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                  • Associated: 00000002.00000002.2809753905.00007FFB0B56F000.00000004.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                  • Associated: 00000002.00000002.2809768680.00007FFB0B570000.00000008.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                  • Associated: 00000002.00000002.2809782894.00007FFB0B571000.00000004.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                  • Associated: 00000002.00000002.2809805512.00007FFB0B573000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                  • Associated: 00000002.00000002.2809805512.00007FFB0B579000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b4e0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: __pctype_func$___lc_codepage_func___lc_locale_name_func_wcsdupcalloc
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 490008815-0
                                                                                                                                                                                  • Opcode ID: c26570a5175e310c7c67cec82136f633dba3ba5588f44644c2c5e5ceca30bf29
                                                                                                                                                                                  • Instruction ID: cf66625d5636d1d380a171ceba4cf62899f6185dcac6144bdf01669cb2a4edc5
                                                                                                                                                                                  • Opcode Fuzzy Hash: c26570a5175e310c7c67cec82136f633dba3ba5588f44644c2c5e5ceca30bf29
                                                                                                                                                                                  • Instruction Fuzzy Hash: 22210A66D08F8583E7018F38D5152BC7360FBA9B48F15E264CE9A56322EF39E6E5C340
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • memchr.VCRUNTIME140 ref: 00007FFB0B515222
                                                                                                                                                                                  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFB0B5152FE
                                                                                                                                                                                    • Part of subcall function 00007FFB0B52CAC4: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFB0B4EC4D0), ref: 00007FFB0B52CADE
                                                                                                                                                                                  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFB0B51535B
                                                                                                                                                                                  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFB0B5153F7
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809692579.00007FFB0B4E1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFB0B4E0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b4e0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn$mallocmemchr
                                                                                                                                                                                  • String ID: 0123456789-
                                                                                                                                                                                  • API String ID: 1035304070-3850129594
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809692579.00007FFB0B4E1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFB0B4E0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b4e0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                                                                                                  • API String ID: 0-1866435925
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809564483.00007FF6AC3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AC3A0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6ac3a0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                                                                                                                                  • String ID: csm$f
                                                                                                                                                                                  • API String ID: 2395640692-629598281
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • iswctype.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FFB0B4E7622), ref: 00007FFB0B4E8025
                                                                                                                                                                                  • iswctype.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FFB0B4E7622), ref: 00007FFB0B4E8039
                                                                                                                                                                                  • iswctype.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FFB0B4E7622), ref: 00007FFB0B4E80A5
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809692579.00007FFB0B4E1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFB0B4E0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b4e0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: iswctype
                                                                                                                                                                                  • String ID: (
                                                                                                                                                                                  • API String ID: 304682654-3887548279
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FFB0B4E5B42), ref: 00007FFB0B4E6732
                                                                                                                                                                                  • isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FFB0B4E5B42), ref: 00007FFB0B4E6743
                                                                                                                                                                                  • isxdigit.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FFB0B4E5B42), ref: 00007FFB0B4E679C
                                                                                                                                                                                  • isalnum.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FFB0B4E5B42), ref: 00007FFB0B4E684C
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809692579.00007FFB0B4E1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFB0B4E0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b4e0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: isspace$isalnumisxdigit
                                                                                                                                                                                  • String ID: (
                                                                                                                                                                                  • API String ID: 3355161242-3887548279
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809852036.00007FFB0B61D000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFB0B580000, based on PE: true
                                                                                                                                                                                  • Associated: 00000002.00000002.2810278403.00007FFB0B8C6000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b580000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: getnameinfohtonsmemset
                                                                                                                                                                                  • String ID: $..\s\crypto\bio\b_addr.c
                                                                                                                                                                                  • API String ID: 165288700-1606403076
                                                                                                                                                                                  • Opcode ID: f1bf051b97ab26c01972a26450ccc25cb878bdc10f9a6b0ba7e8bbbca518d627
                                                                                                                                                                                  • Instruction ID: c8dbaa19ef8cc06c58a7a5b91ed52cbac8fc553c120951397e4f6c6498a6a3c6
                                                                                                                                                                                  • Opcode Fuzzy Hash: f1bf051b97ab26c01972a26450ccc25cb878bdc10f9a6b0ba7e8bbbca518d627
                                                                                                                                                                                  • Instruction Fuzzy Hash: 0951A1B1A1DA8285FB649F31E511AB9B3A0EB41784F40C075EB8E876F6DF3DE9458700
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809564483.00007FF6AC3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AC3A0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6ac3a0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: DeleteDestroyDialogHandleIconIndirectModuleObjectParam
                                                                                                                                                                                  • String ID: Unhandled exception in script
                                                                                                                                                                                  • API String ID: 3081866767-2699770090
                                                                                                                                                                                  • Opcode ID: fcf731bf2ceca6e070dbdbaa780c49a73cf052ed135755c936a54f607c2ce467
                                                                                                                                                                                  • Instruction ID: ae77aebd3a6362d48bc28afd131062654566aa43b288ee449e3e30acf3e48c70
                                                                                                                                                                                  • Opcode Fuzzy Hash: fcf731bf2ceca6e070dbdbaa780c49a73cf052ed135755c936a54f607c2ce467
                                                                                                                                                                                  • Instruction Fuzzy Hash: 82313A72A0EE8289EB24EF61E8559F973A0FF89784F440135EA4D8BA5ADF3DD145C700
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809692579.00007FFB0B4E1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFB0B4E0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b4e0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: setlocale$ExceptionThrowstd::invalid_argument::invalid_argument
                                                                                                                                                                                  • String ID: bad locale name
                                                                                                                                                                                  • API String ID: 1847144839-1405518554
                                                                                                                                                                                  • Opcode ID: 69bcb2bf6b235ff80315e2b808b356e45497ea8affdba11730961c61ec674efe
                                                                                                                                                                                  • Instruction ID: 2dfccfee99b9209c0fe255f4a8c134a41810096e3bec755b47faf47f6bb51c14
                                                                                                                                                                                  • Opcode Fuzzy Hash: 69bcb2bf6b235ff80315e2b808b356e45497ea8affdba11730961c61ec674efe
                                                                                                                                                                                  • Instruction Fuzzy Hash: F321D7F2E0DA4355EA649735D85497EA251EF90BC0F48C031DA5FC77B6DE2CE6818340
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • GetLastError.KERNEL32(00000000,00000000,00000000,00007FF6AC3A7744,?,?,?,?,?,?,?,?,?,?,?,00007FF6AC3A101D), ref: 00007FF6AC3A2654
                                                                                                                                                                                    • Part of subcall function 00007FF6AC3A74B0: GetLastError.KERNEL32(00000000,00007FF6AC3A26A0), ref: 00007FF6AC3A74D7
                                                                                                                                                                                    • Part of subcall function 00007FF6AC3A74B0: FormatMessageW.KERNEL32(00000000,00007FF6AC3A26A0), ref: 00007FF6AC3A7506
                                                                                                                                                                                    • Part of subcall function 00007FF6AC3A7A30: MultiByteToWideChar.KERNEL32 ref: 00007FF6AC3A7A6A
                                                                                                                                                                                  • MessageBoxW.USER32 ref: 00007FF6AC3A272C
                                                                                                                                                                                  • MessageBoxA.USER32 ref: 00007FF6AC3A2748
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809564483.00007FF6AC3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AC3A0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6ac3a0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Message$ErrorLast$ByteCharFormatMultiWide
                                                                                                                                                                                  • String ID: %s%s: %s$Fatal error detected
                                                                                                                                                                                  • API String ID: 2806210788-2410924014
                                                                                                                                                                                  • Opcode ID: bd2085b38ade222d48c53e4b242a54a19eedc60d0d0276a39b8304b5fd6b5430
                                                                                                                                                                                  • Instruction ID: ba51d4fbb7508ecdbac6fa8e4d0716bcfdd003819306ef30faa5be2b174627ea
                                                                                                                                                                                  • Opcode Fuzzy Hash: bd2085b38ade222d48c53e4b242a54a19eedc60d0d0276a39b8304b5fd6b5430
                                                                                                                                                                                  • Instruction Fuzzy Hash: 1231527262DE9291EB20DB10E451BEA7364FBC4784F804036EA8D97A99DF3DD719CB40
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809692579.00007FFB0B4E1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFB0B4E0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b4e0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ExceptionThrowstd::ios_base::failure::failure
                                                                                                                                                                                  • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                                                                                                  • API String ID: 2003779279-1866435925
                                                                                                                                                                                  • Opcode ID: 76c8ab17d0850bfdcf0f794a817e6ee97031519e73788a0652dc125c2d8a2d96
                                                                                                                                                                                  • Instruction ID: 8254211a14a73c8f8c44abd50868e7350cb976cb481e1512536a0b38a568d612
                                                                                                                                                                                  • Opcode Fuzzy Hash: 76c8ab17d0850bfdcf0f794a817e6ee97031519e73788a0652dc125c2d8a2d96
                                                                                                                                                                                  • Instruction Fuzzy Hash: A701B1A2A1860A86FE18C724D8619ED2360FB80748FA48070D12FC7675EF3DE306C740
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809564483.00007FF6AC3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AC3A0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6ac3a0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                  • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                  • API String ID: 4061214504-1276376045
                                                                                                                                                                                  • Opcode ID: 611779d08fafb8db9f6fab045cd04065641a8af0ffd245d6ff06f44facfa83ea
                                                                                                                                                                                  • Instruction ID: 7656e47d4be5639e4f7b3b8b752db478768fee62009312152c5bdfdd348cdaad
                                                                                                                                                                                  • Opcode Fuzzy Hash: 611779d08fafb8db9f6fab045cd04065641a8af0ffd245d6ff06f44facfa83ea
                                                                                                                                                                                  • Instruction Fuzzy Hash: 18F06D61B1BE0282EF108B24E459B7963A0EF897A5F980635CA6E856F4CF3CE149C741
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • strcspn.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FFB0B4F2D92
                                                                                                                                                                                  • localeconv.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFB0B4F2DA5
                                                                                                                                                                                  • strcspn.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FFB0B4F2DBA
                                                                                                                                                                                  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFB0B4F3110
                                                                                                                                                                                  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFB0B4F315B
                                                                                                                                                                                    • Part of subcall function 00007FFB0B4F80D8: memmove.VCRUNTIME140(?,?,?,?,00000000,00007FFB0B4F5912), ref: 00007FFB0B4F8130
                                                                                                                                                                                    • Part of subcall function 00007FFB0B4F80D8: memset.VCRUNTIME140(?,?,?,?,00000000,00007FFB0B4F5912), ref: 00007FFB0B4F813F
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809692579.00007FFB0B4E1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFB0B4E0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b4e0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturnstrcspn$localeconvmemmovememset
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2282448879-0
                                                                                                                                                                                  • Opcode ID: 43ba8dbb3fa5cec9301f72fa23c6b9e93b59b68c625457b30bad576e0c72c2b3
                                                                                                                                                                                  • Instruction ID: 1be051bb43faf901863221b4a31adddd625837be15e3aa58b7eb2ee8a521cc15
                                                                                                                                                                                  • Opcode Fuzzy Hash: 43ba8dbb3fa5cec9301f72fa23c6b9e93b59b68c625457b30bad576e0c72c2b3
                                                                                                                                                                                  • Instruction Fuzzy Hash: 8FE1ACA2B18A8689FB018F79C4549AC2371FF48B98F548131DE5E977A9DF3DD64AC300
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809852036.00007FFB0B581000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFB0B580000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b580000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: memmovestrncpy
                                                                                                                                                                                  • String ID: ..\s\crypto\x509\x509_obj.c$0123456789ABCDEF$NO X509_NAME
                                                                                                                                                                                  • API String ID: 3054264757-3422593365
                                                                                                                                                                                  • Opcode ID: 7f77f0534d5a2a99a2cc4ad61e5207ec6cb1e36b2fae790484e7a38ba6b0187c
                                                                                                                                                                                  • Instruction ID: c9a2cb4839f9df33d37ce1f35ab58280304da5600efcf6114af0492c1278d98d
                                                                                                                                                                                  • Opcode Fuzzy Hash: 7f77f0534d5a2a99a2cc4ad61e5207ec6cb1e36b2fae790484e7a38ba6b0187c
                                                                                                                                                                                  • Instruction Fuzzy Hash: 97B104B2A0868396EB108B25E450B7AB7A0FB48788F85C135DA4FD7BB5DF7CE4058700
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809852036.00007FFB0B581000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFB0B580000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b580000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: $$..\s\crypto\rsa\rsa_sign.c
                                                                                                                                                                                  • API String ID: 0-1864662394
                                                                                                                                                                                  • Opcode ID: 1e7d27cb105fd913aff4b7d841773da92b8b7c595929516f57c28cd3c965b81a
                                                                                                                                                                                  • Instruction ID: b31d54f2a3e008384716861d26c0ded5c520a30e5a13a0a9706054ccc85ce454
                                                                                                                                                                                  • Opcode Fuzzy Hash: 1e7d27cb105fd913aff4b7d841773da92b8b7c595929516f57c28cd3c965b81a
                                                                                                                                                                                  • Instruction Fuzzy Hash: E091A1A1A0C78286F7209B31D550FB9A290FB45B84F40C135DE9E9BBB6DFBDE5418701
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809692579.00007FFB0B4E1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFB0B4E0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b4e0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: fgetwc
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2948136663-0
                                                                                                                                                                                  • Opcode ID: 7b092b86c2f800b45fcf13971108f149f52e97cd8681566c45f30ae54ea6449e
                                                                                                                                                                                  • Instruction ID: fea216d2499785ec565c15757c1f7ce55f04eb57b52983d9abc527ed4cf45b53
                                                                                                                                                                                  • Opcode Fuzzy Hash: 7b092b86c2f800b45fcf13971108f149f52e97cd8681566c45f30ae54ea6449e
                                                                                                                                                                                  • Instruction Fuzzy Hash: AA813EB2604A86C9EB508F35D4907AC33B1FB58B98F519132EA5E877A9DF39D584C310
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809852036.00007FFB0B581000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFB0B580000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b580000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: memmove
                                                                                                                                                                                  • String ID: ..\s\crypto\pem\pem_lib.c$;$Enter PEM pass phrase:
                                                                                                                                                                                  • API String ID: 2162964266-3733131234
                                                                                                                                                                                  • Opcode ID: cd38e328b997667744c1706e487c666578dc2542a510621b81c4d5bbb33f039a
                                                                                                                                                                                  • Instruction ID: c4d70c8e19b8def156bbedd6a18089fcdb1ca41f8feb7331dc6f5b04cb0d047e
                                                                                                                                                                                  • Opcode Fuzzy Hash: cd38e328b997667744c1706e487c666578dc2542a510621b81c4d5bbb33f039a
                                                                                                                                                                                  • Instruction Fuzzy Hash: 0071A2E270868295E720DB31E451BAA7391FB84B94F418135EB5E87AE6DF3DE501CB04
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809852036.00007FFB0B581000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFB0B580000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b580000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: memchr
                                                                                                                                                                                  • String ID: ..\s\crypto\x509v3\v3_utl.c$E$FALSE$TRUE
                                                                                                                                                                                  • API String ID: 3297308162-1433594941
                                                                                                                                                                                  • Opcode ID: c15c8ae77919c2d69e8065c64b720aecc4f95572bffe79456e8a2011ebc30d31
                                                                                                                                                                                  • Instruction ID: 616ba2405043a70315acb85a0ac1b94b8a5876a9d7bb740758009932f3ac6f33
                                                                                                                                                                                  • Opcode Fuzzy Hash: c15c8ae77919c2d69e8065c64b720aecc4f95572bffe79456e8a2011ebc30d31
                                                                                                                                                                                  • Instruction Fuzzy Hash: 45519AA1A0AA4285FA149B76E420B692690AF487C0F94D43CDE4FD67B6DF3CE641C704
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • memmove.VCRUNTIME140(?,?,?,7FFFFFFFFFFFFFFF,?,?,?,?,?,?,?,00007FFB0B4F2A30,?,?,00000000,00007FFB0B4F5826), ref: 00007FFB0B4F25A5
                                                                                                                                                                                  • memset.VCRUNTIME140(?,?,?,7FFFFFFFFFFFFFFF,?,?,?,?,?,?,?,00007FFB0B4F2A30,?,?,00000000,00007FFB0B4F5826), ref: 00007FFB0B4F25B3
                                                                                                                                                                                  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,7FFFFFFFFFFFFFFF,?,?,?,?,?,?,?,00007FFB0B4F2A30,?,?,00000000,00007FFB0B4F5826), ref: 00007FFB0B4F25EC
                                                                                                                                                                                  • memmove.VCRUNTIME140(?,?,?,7FFFFFFFFFFFFFFF,?,?,?,?,?,?,?,00007FFB0B4F2A30,?,?,00000000,00007FFB0B4F5826), ref: 00007FFB0B4F25F6
                                                                                                                                                                                  • memset.VCRUNTIME140(?,?,?,7FFFFFFFFFFFFFFF,?,?,?,?,?,?,?,00007FFB0B4F2A30,?,?,00000000,00007FFB0B4F5826), ref: 00007FFB0B4F2604
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809692579.00007FFB0B4E1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFB0B4E0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b4e0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: memmovememset$_invalid_parameter_noinfo_noreturn
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1876111425-0
                                                                                                                                                                                  • Opcode ID: 8df3b8b3b55c4ad0e2b75d810ff762bfc816abf5dc778e1cac203e07009b2fb8
                                                                                                                                                                                  • Instruction ID: eac9bcb15541cc1d5f21e26f5e91bb517d648fa0e189abf4675ea47eef9ccc81
                                                                                                                                                                                  • Opcode Fuzzy Hash: 8df3b8b3b55c4ad0e2b75d810ff762bfc816abf5dc778e1cac203e07009b2fb8
                                                                                                                                                                                  • Instruction Fuzzy Hash: 9141C3A2B09B8281EE14DB32E51466D6351FB45BE0F588A31EE6E4B7E6DEBCD141C304
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • memmove.VCRUNTIME140(?,?,?,00000000,?,?,00000001,00000000,00000000,00000000,?,00007FFB0B4FC333), ref: 00007FFB0B4FC617
                                                                                                                                                                                  • memmove.VCRUNTIME140(?,?,?,00000000,?,?,00000001,00000000,00000000,00000000,?,00007FFB0B4FC333), ref: 00007FFB0B4FC648
                                                                                                                                                                                  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00000000,?,?,00000001,00000000,00000000,00000000,?,00007FFB0B4FC333), ref: 00007FFB0B4FC680
                                                                                                                                                                                  • memmove.VCRUNTIME140(?,?,?,00000000,?,?,00000001,00000000,00000000,00000000,?,00007FFB0B4FC333), ref: 00007FFB0B4FC68A
                                                                                                                                                                                  • memmove.VCRUNTIME140(?,?,?,00000000,?,?,00000001,00000000,00000000,00000000,?,00007FFB0B4FC333), ref: 00007FFB0B4FC6BB
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809692579.00007FFB0B4E1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFB0B4E0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b4e0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: memmove$_invalid_parameter_noinfo_noreturn
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2580228974-0
                                                                                                                                                                                  • Opcode ID: c5414dc02fb282a514dd476fa31f041e2728c0031ac456c67ca1122fc35b3a76
                                                                                                                                                                                  • Instruction ID: a6ba67588b6479c9964236bbde03d2a99496c9ffb93747e031fcc693538e2da8
                                                                                                                                                                                  • Opcode Fuzzy Hash: c5414dc02fb282a514dd476fa31f041e2728c0031ac456c67ca1122fc35b3a76
                                                                                                                                                                                  • Instruction Fuzzy Hash: 6A41F3B2708A9691EE04DF66E4489AD2361FB44BD4F548132EE1E47BBADE7CE141C300
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809692579.00007FFB0B4E1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFB0B4E0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b4e0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: memmove$_invalid_parameter_noinfo_noreturn
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2580228974-0
                                                                                                                                                                                  • Opcode ID: 46b82a7cf3177d4084a802e0d1aaf4a65ae280c1fa6c272f9c3f0bbded35a758
                                                                                                                                                                                  • Instruction ID: 920153800f211d461656e8eaa8995863636d4adae6568bbf71891c84b2b59a9a
                                                                                                                                                                                  • Opcode Fuzzy Hash: 46b82a7cf3177d4084a802e0d1aaf4a65ae280c1fa6c272f9c3f0bbded35a758
                                                                                                                                                                                  • Instruction Fuzzy Hash: 0A3124A2704A4691EE009F26E9049AE7361FB84FD0F488532DF5E8BBA6CE3CE151C304
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809692579.00007FFB0B4E1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFB0B4E0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b4e0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Xtime_diff_to_millis2xtime_get$Mtx_reset_owner
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 638720424-0
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809564483.00007FF6AC3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AC3A0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6ac3a0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: _set_statfp
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1156100317-0
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • FlsGetValue.KERNEL32(?,?,?,00007FF6AC3B9A73,?,?,00000000,00007FF6AC3B9D0E,?,?,?,?,?,00007FF6AC3B21EC), ref: 00007FF6AC3BA87F
                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF6AC3B9A73,?,?,00000000,00007FF6AC3B9D0E,?,?,?,?,?,00007FF6AC3B21EC), ref: 00007FF6AC3BA89E
                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF6AC3B9A73,?,?,00000000,00007FF6AC3B9D0E,?,?,?,?,?,00007FF6AC3B21EC), ref: 00007FF6AC3BA8C6
                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF6AC3B9A73,?,?,00000000,00007FF6AC3B9D0E,?,?,?,?,?,00007FF6AC3B21EC), ref: 00007FF6AC3BA8D7
                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF6AC3B9A73,?,?,00000000,00007FF6AC3B9D0E,?,?,?,?,?,00007FF6AC3B21EC), ref: 00007FF6AC3BA8E8
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809564483.00007FF6AC3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AC3A0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6ac3a0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Value
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3702945584-0
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • FlsGetValue.KERNEL32(?,?,?,?,?,?,?,00007FF6AC3C2433,?,?,?,00007FF6AC3BCB8C,?,?,00000000,00007FF6AC3B3A5F), ref: 00007FF6AC3BA705
                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF6AC3C2433,?,?,?,00007FF6AC3BCB8C,?,?,00000000,00007FF6AC3B3A5F), ref: 00007FF6AC3BA724
                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF6AC3C2433,?,?,?,00007FF6AC3BCB8C,?,?,00000000,00007FF6AC3B3A5F), ref: 00007FF6AC3BA74C
                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF6AC3C2433,?,?,?,00007FF6AC3BCB8C,?,?,00000000,00007FF6AC3B3A5F), ref: 00007FF6AC3BA75D
                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF6AC3C2433,?,?,?,00007FF6AC3BCB8C,?,?,00000000,00007FF6AC3B3A5F), ref: 00007FF6AC3BA76E
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809564483.00007FF6AC3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AC3A0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6ac3a0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Value
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3702945584-0
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809692579.00007FFB0B4E1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFB0B4E0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b4e0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: free$setlocale
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 294139027-0
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809564483.00007FF6AC3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AC3A0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6ac3a0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                  • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                                                                                                                                                  • API String ID: 3215553584-1196891531
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809564483.00007FF6AC3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AC3A0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6ac3a0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: CallEncodePointerTranslator
                                                                                                                                                                                  • String ID: MOC$RCC
                                                                                                                                                                                  • API String ID: 3544855599-2084237596
                                                                                                                                                                                  • Opcode ID: e66b2a899b3be21a272ca3efbe1e1fab7eec351de36f73ff2a6cc06a45c4f2b1
                                                                                                                                                                                  • Instruction ID: b418496adafc095579582a8931d2af5d0d392e506b22ef7483e43f5a4bf0a0b3
                                                                                                                                                                                  • Opcode Fuzzy Hash: e66b2a899b3be21a272ca3efbe1e1fab7eec351de36f73ff2a6cc06a45c4f2b1
                                                                                                                                                                                  • Instruction Fuzzy Hash: 4C616932A09F458AEB208F65D480BAD77A0FB84B88F144225EF5D97B98CF39E065C740
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809564483.00007FF6AC3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AC3A0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6ac3a0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                                                                                                                                  • String ID: csm$csm
                                                                                                                                                                                  • API String ID: 3896166516-3733052814
                                                                                                                                                                                  • Opcode ID: 37bca86698e542f9df3f1c5971c843800452ce466371b2576d682bdca002ed1e
                                                                                                                                                                                  • Instruction ID: 58b380c61f810788259e29960bced2dbfb25a1ddbb6baa469f03ab8850b564b0
                                                                                                                                                                                  • Opcode Fuzzy Hash: 37bca86698e542f9df3f1c5971c843800452ce466371b2576d682bdca002ed1e
                                                                                                                                                                                  • Instruction Fuzzy Hash: F551A13290AA4286EF749F159544B6877A0FF95B88F144135EAAC87BE5CF3DE870CB00
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809852036.00007FFB0B581000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFB0B580000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b580000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: ..\s\crypto\async\async.c$T
                                                                                                                                                                                  • API String ID: 0-2182492907
                                                                                                                                                                                  • Opcode ID: ca39fcdfc2a22b4399fe0d641851dc443fc34761b69dba39d30568b42ba8b35e
                                                                                                                                                                                  • Instruction ID: ebdc66f2e864cf88730829ac5ea2120d5446c7676e5b3184a66efd232c2b5842
                                                                                                                                                                                  • Opcode Fuzzy Hash: ca39fcdfc2a22b4399fe0d641851dc443fc34761b69dba39d30568b42ba8b35e
                                                                                                                                                                                  • Instruction Fuzzy Hash: EC518FB1A09A4282F7149F32D810DAAB761FF44B84F408535EA4F97BB6DF3DE5098B04
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • memmove.VCRUNTIME140(?,?,?,?,?,?,?,00007FFB0B4ED5CD), ref: 00007FFB0B4E9F14
                                                                                                                                                                                  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,00007FFB0B4ED5CD), ref: 00007FFB0B4E9F52
                                                                                                                                                                                  • memmove.VCRUNTIME140(?,?,?,?,?,?,?,00007FFB0B4ED5CD), ref: 00007FFB0B4E9F5C
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809692579.00007FFB0B4E1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFB0B4E0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b4e0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: memmove$_invalid_parameter_noinfo_noreturn
                                                                                                                                                                                  • String ID: ios_base::failbit set
                                                                                                                                                                                  • API String ID: 2580228974-3924258884
                                                                                                                                                                                  • Opcode ID: 372e2b47e2d3b0d854694287b5f130fe644ee4ade947c284ca8dfcb215dcd649
                                                                                                                                                                                  • Instruction ID: dab322fa0bd0b4e045e39bdaf8a227635b416653b82f138c404a0268253d35cc
                                                                                                                                                                                  • Opcode Fuzzy Hash: 372e2b47e2d3b0d854694287b5f130fe644ee4ade947c284ca8dfcb215dcd649
                                                                                                                                                                                  • Instruction Fuzzy Hash: A731C1A2709B8190EA14DB76D54466C7361EB05BE0F488631DB7F47BE6DF7CE2518304
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • setlocale.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFB0B4F5DA0
                                                                                                                                                                                  • setlocale.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFB0B4F5DB2
                                                                                                                                                                                  • setlocale.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFB0B4F5E3B
                                                                                                                                                                                    • Part of subcall function 00007FFB0B4EB690: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFB0B4F84D4), ref: 00007FFB0B4EB6B2
                                                                                                                                                                                    • Part of subcall function 00007FFB0B4EB690: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFB0B4F84D4), ref: 00007FFB0B4EB6D8
                                                                                                                                                                                    • Part of subcall function 00007FFB0B4EB690: memmove.VCRUNTIME140(?,?,?,00007FFB0B4F84D4), ref: 00007FFB0B4EB6F0
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809692579.00007FFB0B4E1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFB0B4E0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b4e0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: setlocale$freemallocmemmove
                                                                                                                                                                                  • String ID: bad locale name
                                                                                                                                                                                  • API String ID: 4085402405-1405518554
                                                                                                                                                                                  • Opcode ID: ed4f7dfe5a515434e25b2c0ad389f85bfba29932e5edace8a2c72acfa9ea8547
                                                                                                                                                                                  • Instruction ID: fd0548971310fbf1629b99fa2a91fd6473867d8490739901a307162768646179
                                                                                                                                                                                  • Opcode Fuzzy Hash: ed4f7dfe5a515434e25b2c0ad389f85bfba29932e5edace8a2c72acfa9ea8547
                                                                                                                                                                                  • Instruction Fuzzy Hash: F331C7B2E0968256EA558B35E4544BEA7A1AF90F80F48C075DA4FC7776DE2CE9818340
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809852036.00007FFB0B581000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFB0B580000, based on PE: true
                                                                                                                                                                                  • Associated: 00000002.00000002.2810278403.00007FFB0B8A6000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000002.00000002.2810278403.00007FFB0B8C2000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                  • Associated: 00000002.00000002.2810278403.00007FFB0B8C6000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b580000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: BIO[%p]: $bio callback - unknown type (%d)
                                                                                                                                                                                  • API String ID: 0-3830480438
                                                                                                                                                                                  • Opcode ID: 189034754589aa78dff01189f4c3c4ed66df9d6dd0cad021aa79d50a2f4d48b4
                                                                                                                                                                                  • Instruction ID: 6b7735b81a0afe5001797bdcf95cbdfe3d1a21cbb2eda56bdf2592cde3b0410f
                                                                                                                                                                                  • Opcode Fuzzy Hash: 189034754589aa78dff01189f4c3c4ed66df9d6dd0cad021aa79d50a2f4d48b4
                                                                                                                                                                                  • Instruction Fuzzy Hash: 4C31E4A2B09A8156E7118B75EC50FBAA660FB89784F408031EE4FC33B6DE3CD4868700
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809852036.00007FFB0B581000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFB0B580000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b580000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: ..\s\crypto\bio\b_sock.c$J$host=
                                                                                                                                                                                  • API String ID: 0-1729655730
                                                                                                                                                                                  • Opcode ID: 31c7aae0c6204fcaae541c015ea13e20bcfa82d779c5bb0f8b846d03ff15bf19
                                                                                                                                                                                  • Instruction ID: 71c65c661ea206dbda7b279386288bc613a0570f21564f845e6c7f64cd095401
                                                                                                                                                                                  • Opcode Fuzzy Hash: 31c7aae0c6204fcaae541c015ea13e20bcfa82d779c5bb0f8b846d03ff15bf19
                                                                                                                                                                                  • Instruction Fuzzy Hash: 1831C3B2A0898286EB10DB65F45096EA360FB84784F504035FF8E97BABDF3DD5408B00
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809564483.00007FF6AC3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AC3A0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6ac3a0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Message$ByteCharMultiWide
                                                                                                                                                                                  • String ID: %s%s: %s$Fatal error detected
                                                                                                                                                                                  • API String ID: 1878133881-2410924014
                                                                                                                                                                                  • Opcode ID: 1ad8658de8dbd2e7b08889bff9c9537d6e44ae678795f4b96bc9f189f6c45e5f
                                                                                                                                                                                  • Instruction ID: b2cc09eaface102b936023573d26ce5e760512624fdd38b051cd7230b33b9378
                                                                                                                                                                                  • Opcode Fuzzy Hash: 1ad8658de8dbd2e7b08889bff9c9537d6e44ae678795f4b96bc9f189f6c45e5f
                                                                                                                                                                                  • Instruction Fuzzy Hash: E431647262DE8191EA20DB10E451BEA7364FFC4784F404036EA8D97699DF3DD719CB40
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809692579.00007FFB0B4E1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFB0B4E0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b4e0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: FileFindNext$wcscpy_s
                                                                                                                                                                                  • String ID: .
                                                                                                                                                                                  • API String ID: 544952861-248832578
                                                                                                                                                                                  • Opcode ID: 43a92e4ae7719266fdf7f74a34bd58c0e5cd43bcc5b0d63a8c54a700c8cf6607
                                                                                                                                                                                  • Instruction ID: 58ef1231ede264e90a786521f61806f3fa71e1a0b3bbb015e1b5b65e5d563d85
                                                                                                                                                                                  • Opcode Fuzzy Hash: 43a92e4ae7719266fdf7f74a34bd58c0e5cd43bcc5b0d63a8c54a700c8cf6607
                                                                                                                                                                                  • Instruction Fuzzy Hash: 3321A4A6A0C6C2C5EB709F35E8557B923A0EB48B90F448131DA8EC7AA5DF7CD545C700
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809692579.00007FFB0B4E1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFB0B4E0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b4e0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: DecodePointerfreeterminate
                                                                                                                                                                                  • String ID: csm
                                                                                                                                                                                  • API String ID: 1319892530-1018135373
                                                                                                                                                                                  • Opcode ID: 6134b3d9ee8e42ecd0a282cc438d3bc65ec7692e143b46020cd19bf630b9a02f
                                                                                                                                                                                  • Instruction ID: 1f19fcd8b09bba79c70807f033783273d5da179aab48195138f8a002e8ce5cf0
                                                                                                                                                                                  • Opcode Fuzzy Hash: 6134b3d9ee8e42ecd0a282cc438d3bc65ec7692e143b46020cd19bf630b9a02f
                                                                                                                                                                                  • Instruction Fuzzy Hash: 56111AB290AA4185EF658B35D494A3C6360FF45F69F14C235CA6F872B1CF2DDA96C201
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809692579.00007FFB0B4E1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFB0B4E0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b4e0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ExceptionThrow$std::ios_base::failure::failure
                                                                                                                                                                                  • String ID: ios_base::badbit set
                                                                                                                                                                                  • API String ID: 1099746521-3882152299
                                                                                                                                                                                  • Opcode ID: 8835a64955ff740848f4301bfa056b50858cadad722b641384f192b5b9dc1ffd
                                                                                                                                                                                  • Instruction ID: 1839dc79503a2acb1badc95946092f704d1fb143ca1dab50211907adca4195d7
                                                                                                                                                                                  • Opcode Fuzzy Hash: 8835a64955ff740848f4301bfa056b50858cadad722b641384f192b5b9dc1ffd
                                                                                                                                                                                  • Instruction Fuzzy Hash: C801A2A2E2C50691FB189A38C461FBE12619F90348F68C475D52FC54B6EF6EEB058600
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809852036.00007FFB0B581000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFB0B580000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b580000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ErrorLastsocket
                                                                                                                                                                                  • String ID: ..\s\crypto\bio\b_sock2.c$2
                                                                                                                                                                                  • API String ID: 1120909799-2051290508
                                                                                                                                                                                  • Opcode ID: 2ef5472a3713315c0ebdeb3789e1964bedc6f77517e54092a2e54a431cd722de
                                                                                                                                                                                  • Instruction ID: 0946e75b2f05f60c1d13842a02019318468df1fd631bfb6e10f285dc8cbe39c4
                                                                                                                                                                                  • Opcode Fuzzy Hash: 2ef5472a3713315c0ebdeb3789e1964bedc6f77517e54092a2e54a431cd722de
                                                                                                                                                                                  • Instruction Fuzzy Hash: B90184B1A1858282E7109F35E8009AD7660FB44794F608235F66E87BF6CF3DD945C740
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • GetModuleFileNameW.KERNEL32(?,00007FF6AC3A3699), ref: 00007FF6AC3A3BD1
                                                                                                                                                                                    • Part of subcall function 00007FF6AC3A2620: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF6AC3A7744,?,?,?,?,?,?,?,?,?,?,?,00007FF6AC3A101D), ref: 00007FF6AC3A2654
                                                                                                                                                                                    • Part of subcall function 00007FF6AC3A2620: MessageBoxW.USER32 ref: 00007FF6AC3A272C
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809564483.00007FF6AC3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AC3A0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6ac3a0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ErrorFileLastMessageModuleName
                                                                                                                                                                                  • String ID: Failed to convert executable path to UTF-8.$Failed to get executable path.$GetModuleFileNameW
                                                                                                                                                                                  • API String ID: 2581892565-1977442011
                                                                                                                                                                                  • Opcode ID: fe87d08da65b513e87772ab3e16eb14927cda1b8744753a26f3e7d7b1799e4b8
                                                                                                                                                                                  • Instruction ID: 03ebaa6894188f4f10f0b0aee982a5ae257e9745ec75a4f3d69e5e14a71afcd7
                                                                                                                                                                                  • Opcode Fuzzy Hash: fe87d08da65b513e87772ab3e16eb14927cda1b8744753a26f3e7d7b1799e4b8
                                                                                                                                                                                  • Instruction Fuzzy Hash: AA01A221B1FE4290FEA1AB24E855BF92291AF9C7C4F400032D84EC6692EE5EF2588700
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809852036.00007FFB0B61D000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFB0B580000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b580000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: memcmp
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1475443563-0
                                                                                                                                                                                  • Opcode ID: f9a5f847c0a831fcffc5b112e7359bb239a83faf7b63a308c16b99dc0b69426a
                                                                                                                                                                                  • Instruction ID: a72854b68e7b23d89ed63b983507b6e1f9bb70f89e5c2d323f7f162834187212
                                                                                                                                                                                  • Opcode Fuzzy Hash: f9a5f847c0a831fcffc5b112e7359bb239a83faf7b63a308c16b99dc0b69426a
                                                                                                                                                                                  • Instruction Fuzzy Hash: 4A9172A1B0865255FB909A76D990ABD63A1BFC0788F40D075DF0FDBAB9EE38E415C300
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809852036.00007FFB0B581000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFB0B580000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b580000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: memset
                                                                                                                                                                                  • String ID: ..\s\crypto\sm2\sm2_crypt.c$@
                                                                                                                                                                                  • API String ID: 2221118986-485510600
                                                                                                                                                                                  • Opcode ID: a62842250a601d2f46d6217f9b24feb536ba60e493cec275ea102de8cd2b386b
                                                                                                                                                                                  • Instruction ID: fd8ce95efe2680a7f21b5c5c2774083a2b25a2b774a960242e62de9e6e061ce1
                                                                                                                                                                                  • Opcode Fuzzy Hash: a62842250a601d2f46d6217f9b24feb536ba60e493cec275ea102de8cd2b386b
                                                                                                                                                                                  • Instruction Fuzzy Hash: 2C0274B260CB8285EA14DB26E4509BE6760FB85BC8F508135DE8E97BB6DF3DD505CB00
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809692579.00007FFB0B4E1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFB0B4E0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b4e0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: strcspn$_invalid_parameter_noinfo_noreturnlocaleconvmemmove
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1669350605-0
                                                                                                                                                                                  • Opcode ID: 97cef294c8234e24996934a69e811e08a35bd6dc2cc65fa79cb0f422811af0d6
                                                                                                                                                                                  • Instruction ID: 16c67bf9b5a675a7c82f1ca90821b0829f9984ac903fe0aa39c4bf3a64d79ce6
                                                                                                                                                                                  • Opcode Fuzzy Hash: 97cef294c8234e24996934a69e811e08a35bd6dc2cc65fa79cb0f422811af0d6
                                                                                                                                                                                  • Instruction Fuzzy Hash: 01E1BC62B18A8289FB108F75D454AAC2371FB44B85F548131DE4E97BB5EF38D64AC300
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809692579.00007FFB0B4E1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFB0B4E0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b4e0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: strcspn$_invalid_parameter_noinfo_noreturnlocaleconvmemmove
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1669350605-0
                                                                                                                                                                                  • Opcode ID: b568904929ef177ea3e5454489a4b32e3a5935e52dbc23fadad983666b9a9220
                                                                                                                                                                                  • Instruction ID: f349db455880d9b525a5e329256214758ef8e42aff06e2a0a7280bdc512ccd57
                                                                                                                                                                                  • Opcode Fuzzy Hash: b568904929ef177ea3e5454489a4b32e3a5935e52dbc23fadad983666b9a9220
                                                                                                                                                                                  • Instruction Fuzzy Hash: A1E1ADA2B19A8289EB118F75D454ABC6371FB48B84F548131DE4E97BB4EF38D64AC300
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809564483.00007FF6AC3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AC3A0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6ac3a0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: FileWrite$ConsoleErrorLastOutput
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2718003287-0
                                                                                                                                                                                  • Opcode ID: f750311aff661a04a86bbbada4284786bf27b8065a17484a8f486471230e888d
                                                                                                                                                                                  • Instruction ID: 9df1bf3fda8eea5e6638bc08c6a0d41c808fa0003a5be8985372049ece155179
                                                                                                                                                                                  • Opcode Fuzzy Hash: f750311aff661a04a86bbbada4284786bf27b8065a17484a8f486471230e888d
                                                                                                                                                                                  • Instruction Fuzzy Hash: DBD1F332B1AE8189E721CF75D580AAC37B1FB4479CB004236DE5E97BAADE38D416C740
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809852036.00007FFB0B581000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFB0B580000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b580000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: )$..\s\crypto\evp\p5_crpt.c
                                                                                                                                                                                  • API String ID: 0-3563398421
                                                                                                                                                                                  • Opcode ID: 7b601fa9f3557c5b837c5acffd922e01e82c41c63bf638c72a9ed807f20a69b8
                                                                                                                                                                                  • Instruction ID: 1d5fd261b04a78c93aff5ee0d3e9f367aafbb12421e406d3dcc423f5a4689c39
                                                                                                                                                                                  • Opcode Fuzzy Hash: 7b601fa9f3557c5b837c5acffd922e01e82c41c63bf638c72a9ed807f20a69b8
                                                                                                                                                                                  • Instruction Fuzzy Hash: 799192A2A18783C5EE20DB35D411EBA6390FB85784F449532EA5FD7AB6DF3CE5418B00
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,?,00000000,00000000,00007FF6AC3BC41B), ref: 00007FF6AC3BC54C
                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,?,00000000,00000000,00007FF6AC3BC41B), ref: 00007FF6AC3BC5D7
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809564483.00007FF6AC3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AC3A0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6ac3a0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ConsoleErrorLastMode
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 953036326-0
                                                                                                                                                                                  • Opcode ID: f410d9e07cb2d854853af875ff306a0e9c9ee922f70c4cde11a48ef332fbc2ec
                                                                                                                                                                                  • Instruction ID: 8c95c24d9f1acee99ae500b86d17ce7e6a35d738dbfc350b239e663778e611cf
                                                                                                                                                                                  • Opcode Fuzzy Hash: f410d9e07cb2d854853af875ff306a0e9c9ee922f70c4cde11a48ef332fbc2ec
                                                                                                                                                                                  • Instruction Fuzzy Hash: 0191D572F1AE5289F7708F65A440ABD2BA0BB44B88F14513ADE0EE7686DF38E445C700
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809852036.00007FFB0B581000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFB0B580000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b580000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ErrorLast
                                                                                                                                                                                  • String ID: Operation not permitted$unknown
                                                                                                                                                                                  • API String ID: 1452528299-31098287
                                                                                                                                                                                  • Opcode ID: 5fcab820764991aefc7bfb7edc8ace4291739e80cb77f4aa1bd65aa503073c13
                                                                                                                                                                                  • Instruction ID: 4469f43fed1c7e8b5b90c2228ccbdfbb6513c03ec8c89a49a0962f6fd97800ae
                                                                                                                                                                                  • Opcode Fuzzy Hash: 5fcab820764991aefc7bfb7edc8ace4291739e80cb77f4aa1bd65aa503073c13
                                                                                                                                                                                  • Instruction Fuzzy Hash: 61816BA1A0874286FB509B71E864FB967A0FB84784F48C176E95FD72B6DE3CE4458700
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809852036.00007FFB0B581000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFB0B580000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b580000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: memmove
                                                                                                                                                                                  • String ID: ..\s\crypto\ct\ct_oct.c
                                                                                                                                                                                  • API String ID: 2162964266-1972679481
                                                                                                                                                                                  • Opcode ID: 3a52d61998f55a8af669ebd6166b0127f0a7dd96753732143083e2d16480e2ff
                                                                                                                                                                                  • Instruction ID: 9db14af101b120ed6c8a37e9fc220a672d333f902e4c416c0e77e0f2156f6cd2
                                                                                                                                                                                  • Opcode Fuzzy Hash: 3a52d61998f55a8af669ebd6166b0127f0a7dd96753732143083e2d16480e2ff
                                                                                                                                                                                  • Instruction Fuzzy Hash: 4071C6A260D68189E715CF39C41097C7B70EB19B88F148636EE9E933A7DE2CD656C701
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809852036.00007FFB0B61D000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFB0B580000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b580000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: strncmp
                                                                                                                                                                                  • String ID: content-type
                                                                                                                                                                                  • API String ID: 1114863663-3266185539
                                                                                                                                                                                  • Opcode ID: 0d1f589df4d1d9cd99ae01414d1ba134d0615c4f9379fc36c493314ca99696b1
                                                                                                                                                                                  • Instruction ID: 83814e8b092bb0886c6a60a3b071a7be371b7d0f97fa40e208b50497c40192a8
                                                                                                                                                                                  • Opcode Fuzzy Hash: 0d1f589df4d1d9cd99ae01414d1ba134d0615c4f9379fc36c493314ca99696b1
                                                                                                                                                                                  • Instruction Fuzzy Hash: 9151A2E2B0D64241FA609A36E951F7AA2A1BF44B94F049234ED5FC77F6DE2CE501C708
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809692579.00007FFB0B4E1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFB0B4E0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b4e0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ExceptionFacet_RegisterThrow_lock_localesctypestd::_std::bad_alloc::bad_alloc
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2716750221-0
                                                                                                                                                                                  • Opcode ID: 7a11b1e22366df953c56bcdb6bf69edafa6fe217a70891a973f310d91d7d0277
                                                                                                                                                                                  • Instruction ID: fe3e8c01b20260c31aa25ff361181105672998f224bd3ae8935942a480c2319d
                                                                                                                                                                                  • Opcode Fuzzy Hash: 7a11b1e22366df953c56bcdb6bf69edafa6fe217a70891a973f310d91d7d0277
                                                                                                                                                                                  • Instruction Fuzzy Hash: FE41A5A1A0CB4281EB109B35E4509BD6360EB94BA4F18C671DA6F977F6DF3CE6468700
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809692579.00007FFB0B4E1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFB0B4E0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b4e0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ___lc_codepage_func___lc_locale_name_func__pctype_funcislower
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2234106055-0
                                                                                                                                                                                  • Opcode ID: 07b5da062168d5669a39c56d43f65f3b717084410d52d1df7f7576f4b81ce3ea
                                                                                                                                                                                  • Instruction ID: 3d0651ac22a3d0a9b4ba9a2d70fdc405bb2f597e315b6abe4f86fe09eae96db9
                                                                                                                                                                                  • Opcode Fuzzy Hash: 07b5da062168d5669a39c56d43f65f3b717084410d52d1df7f7576f4b81ce3ea
                                                                                                                                                                                  • Instruction Fuzzy Hash: F23109A2A4C74186F7218B26E85077D6A51FB90F81F188035DA9B97BA9EE3CE745C700
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809692579.00007FFB0B4E1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFB0B4E0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b4e0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ___lc_codepage_func___lc_locale_name_func__pctype_funcisupper
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3857474680-0
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ExceptionFacet_RegisterThrow_lock_localesctypestd::_std::bad_alloc::bad_alloc
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2716750221-0
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ExceptionFacet_RegisterThrow_lock_localesmessagesstd::_std::bad_alloc::bad_alloc
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1958836-0
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ExceptionFacet_RegisterThrow_lock_localesmoneypunctstd::_std::bad_alloc::bad_alloc
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3095117837-0
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ExceptionFacet_RegisterThrow_lock_localesmoneypunctstd::_std::bad_alloc::bad_alloc
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3095117837-0
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ExceptionFacet_RegisterThrow_lock_localesmessagesstd::_std::bad_alloc::bad_alloc
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1958836-0
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ExceptionFacet_RegisterThrow_lock_localesctypestd::_std::bad_alloc::bad_alloc
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2716750221-0
                                                                                                                                                                                  • Opcode ID: 8a0be3e0796e4bd00e343c49d07b79d543f220f19bcd707963a39a8b0941f0ab
                                                                                                                                                                                  • Instruction ID: 8236b59a66a40f07efc9062eb9c1ad9e6e5926e733cff4419a73e00f1e32d4c7
                                                                                                                                                                                  • Opcode Fuzzy Hash: 8a0be3e0796e4bd00e343c49d07b79d543f220f19bcd707963a39a8b0941f0ab
                                                                                                                                                                                  • Instruction Fuzzy Hash: 3231A2A1A4CA4381EB10DB35E4608BD6364EB94BA0F18C271DA6F976F6DE3CE5428700
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809692579.00007FFB0B4E1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFB0B4E0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b4e0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ExceptionFacet_RegisterThrow_lock_localesnumpunctstd::_std::bad_alloc::bad_alloc
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 448217422-0
                                                                                                                                                                                  • Opcode ID: 3c1d6b78a54c44f3109820ffb5f30ff00c321022ebf7eabf3ec7dc4569d6136e
                                                                                                                                                                                  • Instruction ID: b5ca0949398c150a83ed2fa5ae82298874b5b8cd335c88377c922a22bdd70bec
                                                                                                                                                                                  • Opcode Fuzzy Hash: 3c1d6b78a54c44f3109820ffb5f30ff00c321022ebf7eabf3ec7dc4569d6136e
                                                                                                                                                                                  • Instruction Fuzzy Hash: 013172A1E08A4281EB119F76E4608BD6361FB94BA0F58C671D65F877F6EF3CE5428700
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809692579.00007FFB0B4E1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFB0B4E0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b4e0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ExceptionFacet_RegisterThrow_lock_localesmoneypunctstd::_std::bad_alloc::bad_alloc
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3095117837-0
                                                                                                                                                                                  • Opcode ID: 969cec1644bb856d1eac6f1a35742c42c096f944a53fd65e4cc6a2f1d40e8599
                                                                                                                                                                                  • Instruction ID: c162d692e9d44ad5e38f0949f7045c20e8c3fbaedb407f47252e7afc43b4642d
                                                                                                                                                                                  • Opcode Fuzzy Hash: 969cec1644bb856d1eac6f1a35742c42c096f944a53fd65e4cc6a2f1d40e8599
                                                                                                                                                                                  • Instruction Fuzzy Hash: 183173A1A0CA4281EA10DB35E4708B96360FB947A0F58C672DA5F877F6DF7CE586C700
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809692579.00007FFB0B4E1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFB0B4E0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b4e0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ExceptionFacet_RegisterThrow_lock_localesmoneypunctstd::_std::bad_alloc::bad_alloc
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3095117837-0
                                                                                                                                                                                  • Opcode ID: 38913df2d96a4eec83f92b864a390790dea28e991f3c948397feb914cf3f0946
                                                                                                                                                                                  • Instruction ID: 884457bc4f2e7bfa4b7a6540637087196bf7a1e78f7034d93d74e7f496fa03ec
                                                                                                                                                                                  • Opcode Fuzzy Hash: 38913df2d96a4eec83f92b864a390790dea28e991f3c948397feb914cf3f0946
                                                                                                                                                                                  • Instruction Fuzzy Hash: A13192A1E08A4391EA119B75E4608BD6360FB94BA0F18C232DA5F876F6DF3CE541C741
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809692579.00007FFB0B4E1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFB0B4E0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b4e0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ExceptionFacet_RegisterThrow_lock_localescodecvtstd::_std::bad_alloc::bad_alloc
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3627902316-0
                                                                                                                                                                                  • Opcode ID: 9b1c32e4d03cbda99e153f31f72f21e24241e85f2033266064f8f55f5d5db2b3
                                                                                                                                                                                  • Instruction ID: 8b5ba53cb5140ec41ae65fcd41c5b0794cad1f43b0ec21e734f2ada79b45eca9
                                                                                                                                                                                  • Opcode Fuzzy Hash: 9b1c32e4d03cbda99e153f31f72f21e24241e85f2033266064f8f55f5d5db2b3
                                                                                                                                                                                  • Instruction Fuzzy Hash: 9C315DA2A08A4281EB159B35E4609BD6360FB94BE4F588271DA5F876F6DE3CE542C700
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809692579.00007FFB0B4E1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFB0B4E0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b4e0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ExceptionFacet_RegisterThrow_lock_localesmessagesstd::_std::bad_alloc::bad_alloc
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1958836-0
                                                                                                                                                                                  • Opcode ID: aee45d2215da4ce7b0f3772c3ce5b61431520466d490ceabc17ed64f9b1dc149
                                                                                                                                                                                  • Instruction ID: 59a550b0042b71415a54b30ce60e0bab632654ef112782939f6159d1273b323c
                                                                                                                                                                                  • Opcode Fuzzy Hash: aee45d2215da4ce7b0f3772c3ce5b61431520466d490ceabc17ed64f9b1dc149
                                                                                                                                                                                  • Instruction Fuzzy Hash: CE3195A2A0CA4281EA11DB35E4708B96361FB94BA0F58C671DA5F877F6DF3CE581C700
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809692579.00007FFB0B4E1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFB0B4E0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b4e0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ExceptionFacet_RegisterThrow_lock_localesmessagesstd::_std::bad_alloc::bad_alloc
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1958836-0
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809692579.00007FFB0B4E1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFB0B4E0000, based on PE: true
                                                                                                                                                                                  • Associated: 00000002.00000002.2809677567.00007FFB0B4E0000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                  • Associated: 00000002.00000002.2809724595.00007FFB0B532000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                  • Associated: 00000002.00000002.2809753905.00007FFB0B56F000.00000004.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                  • Associated: 00000002.00000002.2809768680.00007FFB0B570000.00000008.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                  • Associated: 00000002.00000002.2809782894.00007FFB0B571000.00000004.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                  • Associated: 00000002.00000002.2809805512.00007FFB0B573000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                  • Associated: 00000002.00000002.2809805512.00007FFB0B579000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ExceptionFacet_RegisterThrow_lock_localesmessagesstd::_std::bad_alloc::bad_alloc
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1958836-0
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ExceptionFacet_RegisterThrow_lock_localesmessagesstd::_std::bad_alloc::bad_alloc
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1958836-0
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ExceptionFacet_RegisterThrow_lock_localescodecvtstd::_std::bad_alloc::bad_alloc
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3627902316-0
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ExceptionFacet_RegisterThrow_lock_localesmessagesstd::_std::bad_alloc::bad_alloc
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1958836-0
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ExceptionFacet_RegisterThrow_lock_localesmessagesstd::_std::bad_alloc::bad_alloc
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1958836-0
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ExceptionFacet_RegisterThrow_lock_localesmessagesstd::_std::bad_alloc::bad_alloc
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1958836-0
                                                                                                                                                                                  • Opcode ID: 0d78e737d81f217a5e139d1ad9bd1c52e5eafd2eeb45db34d52a84de9a5e6e57
                                                                                                                                                                                  • Instruction ID: 21f0ea0c81fe36919290c9e9c91355a98e057aa583aa8778e546b6ae33ce9812
                                                                                                                                                                                  • Opcode Fuzzy Hash: 0d78e737d81f217a5e139d1ad9bd1c52e5eafd2eeb45db34d52a84de9a5e6e57
                                                                                                                                                                                  • Instruction Fuzzy Hash: FC31B6A1A08A4281EA119B35E4708796365FB94BA0F4CC6B1D65F877F7DF3DE582C700
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809692579.00007FFB0B4E1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFB0B4E0000, based on PE: true
                                                                                                                                                                                  • Associated: 00000002.00000002.2809677567.00007FFB0B4E0000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                  • Associated: 00000002.00000002.2809724595.00007FFB0B532000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                  • Associated: 00000002.00000002.2809753905.00007FFB0B56F000.00000004.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                  • Associated: 00000002.00000002.2809768680.00007FFB0B570000.00000008.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                  • Associated: 00000002.00000002.2809782894.00007FFB0B571000.00000004.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                  • Associated: 00000002.00000002.2809805512.00007FFB0B573000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                  • Associated: 00000002.00000002.2809805512.00007FFB0B579000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b4e0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ExceptionFacet_RegisterThrow_lock_localesmessagesstd::_std::bad_alloc::bad_alloc
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1958836-0
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ExceptionFacet_RegisterThrow_lock_localesmessagesstd::_std::bad_alloc::bad_alloc
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1958836-0
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ExceptionFacet_RegisterThrow_lock_localesmessagesstd::_std::bad_alloc::bad_alloc
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1958836-0
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ExceptionFacet_RegisterThrow_lock_localesmessagesstd::_std::bad_alloc::bad_alloc
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1958836-0
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ExceptionFacet_RegisterThrow_lock_localesnumpunctstd::_std::bad_alloc::bad_alloc
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 448217422-0
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ExceptionFacet_RegisterThrow_lock_localesmoneypunctstd::_std::bad_alloc::bad_alloc
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3095117837-0
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ExceptionFacet_RegisterThrow_lock_localesmoneypunctstd::_std::bad_alloc::bad_alloc
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3095117837-0
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: _lock_locales
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3756862740-0
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: _lock_locales
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3756862740-0
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ___lc_locale_name_funcfreemallocmemmovewcsnlen
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2626247968-0
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: std::locale::_$Setgloballocalesetlocale$InitLocimpLocimp::_New__lock_locales
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2905786255-0
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • ___lc_locale_name_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFB0B4E6FF4
                                                                                                                                                                                  • ___lc_collate_cp_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFB0B4E6FFE
                                                                                                                                                                                    • Part of subcall function 00007FFB0B4E9320: __strncnt.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00007FFB0B4E705B), ref: 00007FFB0B4E9363
                                                                                                                                                                                    • Part of subcall function 00007FFB0B4E9320: __strncnt.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00007FFB0B4E705B), ref: 00007FFB0B4E9388
                                                                                                                                                                                    • Part of subcall function 00007FFB0B4E9320: GetCPInfo.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FFB0B4E705B), ref: 00007FFB0B4E93C8
                                                                                                                                                                                  • memcmp.VCRUNTIME140 ref: 00007FFB0B4E7021
                                                                                                                                                                                  • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFB0B4E705F
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: __strncnt$Info___lc_collate_cp_func___lc_locale_name_func_errnomemcmp
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3421985146-0
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809852036.00007FFB0B581000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFB0B580000, based on PE: true
                                                                                                                                                                                  • Associated: 00000002.00000002.2809836179.00007FFB0B580000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                  • Associated: 00000002.00000002.2809852036.00007FFB0B58D000.00000020.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                  • Associated: 00000002.00000002.2809852036.00007FFB0B5E5000.00000020.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                  • Associated: 00000002.00000002.2809852036.00007FFB0B5F9000.00000020.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                  • Associated: 00000002.00000002.2809852036.00007FFB0B609000.00000020.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                  • Associated: 00000002.00000002.2809852036.00007FFB0B61D000.00000020.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                  • Associated: 00000002.00000002.2809852036.00007FFB0B7CC000.00000020.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                  • Associated: 00000002.00000002.2810104736.00007FFB0B7CE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                  • Associated: 00000002.00000002.2810104736.00007FFB0B7F9000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                  • Associated: 00000002.00000002.2810104736.00007FFB0B82A000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                  • Associated: 00000002.00000002.2810104736.00007FFB0B850000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                  • Associated: 00000002.00000002.2810104736.00007FFB0B876000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                  • Associated: 00000002.00000002.2810240839.00007FFB0B89E000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                  • Associated: 00000002.00000002.2810259382.00007FFB0B8A4000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                  • Associated: 00000002.00000002.2810278403.00007FFB0B8A6000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                  • Associated: 00000002.00000002.2810278403.00007FFB0B8C2000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                  • Associated: 00000002.00000002.2810278403.00007FFB0B8C6000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b580000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: strcmp
                                                                                                                                                                                  • String ID: ..\s\crypto\pem\pem_pkey.c$DH PARAMETERS$X9.42 DH PARAMETERS
                                                                                                                                                                                  • API String ID: 1004003707-3633731555
                                                                                                                                                                                  • Opcode ID: 206be129debcac2a41237a69353c9bccba0cedb93cf01b7063e6a005a7104eb5
                                                                                                                                                                                  • Instruction ID: b269bd135fedabb000af34c37637991975c4278960fc09dc3f9fb7dfef7aa9bc
                                                                                                                                                                                  • Opcode Fuzzy Hash: 206be129debcac2a41237a69353c9bccba0cedb93cf01b7063e6a005a7104eb5
                                                                                                                                                                                  • Instruction Fuzzy Hash: CA2197A2A0CB8691EA10DB65E010DA96760FF84B94F40C035EA4ED7B76EF7DD145CB00
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809564483.00007FF6AC3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AC3A0000, based on PE: true
                                                                                                                                                                                  • Associated: 00000002.00000002.2809537100.00007FF6AC3A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000002.00000002.2809584515.00007FF6AC3CA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000002.00000002.2809605761.00007FF6AC3DD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000002.00000002.2809605761.00007FF6AC3E0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000002.00000002.2809605761.00007FF6AC3EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000002.00000002.2809661489.00007FF6AC3EE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6ac3a0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: LongWindow$DialogInvalidateRect
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1956198572-0
                                                                                                                                                                                  • Opcode ID: 162ef6909b0da24e61350fefbcaa0130b5f771c4d53ef42d88aea1c24daf7f6c
                                                                                                                                                                                  • Instruction ID: 0bc9a472a5ae357a6637289d2341385a4fd27e954f67ed0da7842e8879935ce7
                                                                                                                                                                                  • Opcode Fuzzy Hash: 162ef6909b0da24e61350fefbcaa0130b5f771c4d53ef42d88aea1c24daf7f6c
                                                                                                                                                                                  • Instruction Fuzzy Hash: 9111EC21E1D95281FA508759F544ABD2292EFC9B80F488131EE4946B9DCE2DD4D54100
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809692579.00007FFB0B4E1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFB0B4E0000, based on PE: true
                                                                                                                                                                                  • Associated: 00000002.00000002.2809677567.00007FFB0B4E0000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                  • Associated: 00000002.00000002.2809724595.00007FFB0B532000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                  • Associated: 00000002.00000002.2809753905.00007FFB0B56F000.00000004.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                  • Associated: 00000002.00000002.2809768680.00007FFB0B570000.00000008.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                  • Associated: 00000002.00000002.2809782894.00007FFB0B571000.00000004.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                  • Associated: 00000002.00000002.2809805512.00007FFB0B573000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                  • Associated: 00000002.00000002.2809805512.00007FFB0B579000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b4e0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ___lc_codepage_func___lc_locale_name_func___mb_cur_max_func__pctype_func
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3203701943-0
                                                                                                                                                                                  • Opcode ID: 39f0dbf7affc20ace0cd8a52b7416ca02a5e873dcbaf1932feb67f8f83f8ece6
                                                                                                                                                                                  • Instruction ID: 91e174382c5596fa754c2562e71d45040d8a41254f4b249190625855b9531d85
                                                                                                                                                                                  • Opcode Fuzzy Hash: 39f0dbf7affc20ace0cd8a52b7416ca02a5e873dcbaf1932feb67f8f83f8ece6
                                                                                                                                                                                  • Instruction Fuzzy Hash: 6101B5E2A04A9582EB155F3AD414868F6A1FF58FD4B08D035D92BC7B29DE3CD5858710
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809852036.00007FFB0B581000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFB0B580000, based on PE: true
                                                                                                                                                                                  • Associated: 00000002.00000002.2809836179.00007FFB0B580000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                  • Associated: 00000002.00000002.2809852036.00007FFB0B58D000.00000020.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                  • Associated: 00000002.00000002.2809852036.00007FFB0B5E5000.00000020.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                  • Associated: 00000002.00000002.2809852036.00007FFB0B5F9000.00000020.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                  • Associated: 00000002.00000002.2809852036.00007FFB0B609000.00000020.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                  • Associated: 00000002.00000002.2809852036.00007FFB0B61D000.00000020.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                  • Associated: 00000002.00000002.2809852036.00007FFB0B7CC000.00000020.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                  • Associated: 00000002.00000002.2810104736.00007FFB0B7CE000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                  • Associated: 00000002.00000002.2810104736.00007FFB0B7F9000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                  • Associated: 00000002.00000002.2810104736.00007FFB0B82A000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                  • Associated: 00000002.00000002.2810104736.00007FFB0B850000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                  • Associated: 00000002.00000002.2810104736.00007FFB0B876000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                  • Associated: 00000002.00000002.2810240839.00007FFB0B89E000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                  • Associated: 00000002.00000002.2810259382.00007FFB0B8A4000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                  • Associated: 00000002.00000002.2810278403.00007FFB0B8A6000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                  • Associated: 00000002.00000002.2810278403.00007FFB0B8C2000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                  • Associated: 00000002.00000002.2810278403.00007FFB0B8C6000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b580000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: memmovememset
                                                                                                                                                                                  • String ID: $$..\s\crypto\rsa\rsa_none.c
                                                                                                                                                                                  • API String ID: 1288253900-779172340
                                                                                                                                                                                  • Opcode ID: 3bdee04d0f4f485dc1d35bf7acc74ac95f87e22e6829478a521a18d2b6ca4809
                                                                                                                                                                                  • Instruction ID: 008b9412ec288e87d39a4c8e53b6a25c03ca5561d36511a506eabea20c784ec5
                                                                                                                                                                                  • Opcode Fuzzy Hash: 3bdee04d0f4f485dc1d35bf7acc74ac95f87e22e6829478a521a18d2b6ca4809
                                                                                                                                                                                  • Instruction Fuzzy Hash: D101B571B0864286D610DF35E944869B761FB84BD0F54C134FA6E97BBADE3CE6018700
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809692579.00007FFB0B4E1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFB0B4E0000, based on PE: true
                                                                                                                                                                                  • Associated: 00000002.00000002.2809677567.00007FFB0B4E0000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                  • Associated: 00000002.00000002.2809724595.00007FFB0B532000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                  • Associated: 00000002.00000002.2809753905.00007FFB0B56F000.00000004.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                  • Associated: 00000002.00000002.2809768680.00007FFB0B570000.00000008.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                  • Associated: 00000002.00000002.2809782894.00007FFB0B571000.00000004.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                  • Associated: 00000002.00000002.2809805512.00007FFB0B573000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                  • Associated: 00000002.00000002.2809805512.00007FFB0B579000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b4e0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2933794660-0
                                                                                                                                                                                  • Opcode ID: 76dfa9f6affd35542d897482e00a8f8d8a31374749d9766d0099c6e1fca2c63d
                                                                                                                                                                                  • Instruction ID: be95a23ba537837eb9513bdb5a6f619f2dedcdaf6108dad60bc48a677b8da48b
                                                                                                                                                                                  • Opcode Fuzzy Hash: 76dfa9f6affd35542d897482e00a8f8d8a31374749d9766d0099c6e1fca2c63d
                                                                                                                                                                                  • Instruction Fuzzy Hash: 0C115262A04F418AEB10CF71F8656A833A4F71DB58F041A35EA5E877A5DF3CD198C340
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFB0B502F3F
                                                                                                                                                                                  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFB0B502F82
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809692579.00007FFB0B4E1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFB0B4E0000, based on PE: true
                                                                                                                                                                                  • Associated: 00000002.00000002.2809677567.00007FFB0B4E0000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                  • Associated: 00000002.00000002.2809724595.00007FFB0B532000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                  • Associated: 00000002.00000002.2809753905.00007FFB0B56F000.00000004.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                  • Associated: 00000002.00000002.2809768680.00007FFB0B570000.00000008.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                  • Associated: 00000002.00000002.2809782894.00007FFB0B571000.00000004.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                  • Associated: 00000002.00000002.2809805512.00007FFB0B573000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                  • Associated: 00000002.00000002.2809805512.00007FFB0B579000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b4e0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                                                  • String ID: 0123456789ABCDEFabcdef-+Xx
                                                                                                                                                                                  • API String ID: 3668304517-2799312399
                                                                                                                                                                                  • Opcode ID: f900907ded2f50d54d52aa96b2e03f19fce0c69ff2b6659e1f2decb36258605d
                                                                                                                                                                                  • Instruction ID: 9e041a125a9420f33749a5bd1ba2fe1fb4e9fdd89b1c86547e027ed0ca9bb89d
                                                                                                                                                                                  • Opcode Fuzzy Hash: f900907ded2f50d54d52aa96b2e03f19fce0c69ff2b6659e1f2decb36258605d
                                                                                                                                                                                  • Instruction Fuzzy Hash: 1AD100A2B2868289EF50CF75D064ABC2761BB54B94F409071DE4F97BA6DE3DE846C300
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFB0B5033EF
                                                                                                                                                                                  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFB0B503432
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809692579.00007FFB0B4E1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFB0B4E0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b4e0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                                                  • String ID: 0123456789ABCDEFabcdef-+Xx
                                                                                                                                                                                  • API String ID: 3668304517-2799312399
                                                                                                                                                                                  • Opcode ID: e632bfa2d873c0be3d312fc90208439f941055322aecca706e8eed900dda154e
                                                                                                                                                                                  • Instruction ID: 2580e00e808678a8cd0d8bb6cc4e929102f8c13a9cd32884bfd7e35ea11fe36d
                                                                                                                                                                                  • Opcode Fuzzy Hash: e632bfa2d873c0be3d312fc90208439f941055322aecca706e8eed900dda154e
                                                                                                                                                                                  • Instruction Fuzzy Hash: 68D1E0A2B2978289EF10CF76D060ABD2761AB49B94F409071DE4F977A6DF3CE546C304
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809852036.00007FFB0B581000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFB0B580000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b580000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: ..\s\crypto\engine\eng_ctrl.c$b
                                                                                                                                                                                  • API String ID: 0-1836817417
                                                                                                                                                                                  • Opcode ID: fc3be2d39301c1ec4dc8b481b2d065fe2399f69ae6af06398e58dc7ad1152c5b
                                                                                                                                                                                  • Instruction ID: aa380e7eb43a0c900f5e79643f36a1f4e0d7d344a496dc06764f79e0c9e68c3d
                                                                                                                                                                                  • Opcode Fuzzy Hash: fc3be2d39301c1ec4dc8b481b2d065fe2399f69ae6af06398e58dc7ad1152c5b
                                                                                                                                                                                  • Instruction Fuzzy Hash: ADE1B2B1A1824282FB648B31D810FBA6261FF86744F54C135EAAFA76B1CF3CE545D700
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFB0B50D5F4
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809692579.00007FFB0B4E1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFB0B4E0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b4e0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                                                  • String ID: %.0Lf$0123456789-
                                                                                                                                                                                  • API String ID: 3668304517-3094241602
                                                                                                                                                                                  • Opcode ID: c075ca733a5e2985d7409c734a112bdb889e844c53dbfec16932d9e1d86b165b
                                                                                                                                                                                  • Instruction ID: 6fa8a778f76dcd04f68b0a8e19df7e9faf9fb1acf248c32f8d0261d742d35a7e
                                                                                                                                                                                  • Opcode Fuzzy Hash: c075ca733a5e2985d7409c734a112bdb889e844c53dbfec16932d9e1d86b165b
                                                                                                                                                                                  • Instruction Fuzzy Hash: 9C819962B18B8585EF00CFB5D460AAC6371FB44B88F408132DE4E63BAADF38E555C340
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809692579.00007FFB0B4E1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFB0B4E0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b4e0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturnswprintf_s
                                                                                                                                                                                  • String ID: %.0Lf
                                                                                                                                                                                  • API String ID: 296878162-1402515088
                                                                                                                                                                                  • Opcode ID: 989814ed0aab853247327d7537572a65def7191e538b3b40b3089a5dc173ab06
                                                                                                                                                                                  • Instruction ID: 943c003e84fd9657077b1323af10b25380141dea99a7556fb1a5790754d7f3ff
                                                                                                                                                                                  • Opcode Fuzzy Hash: 989814ed0aab853247327d7537572a65def7191e538b3b40b3089a5dc173ab06
                                                                                                                                                                                  • Instruction Fuzzy Hash: 0A519DA3B19F8585EB00CB75E8606AD6360FB99B94F508272DE5E677B6DF38D046C300
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809564483.00007FF6AC3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AC3A0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6ac3a0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                                                                                                                                  • String ID: ?
                                                                                                                                                                                  • API String ID: 1286766494-1684325040
                                                                                                                                                                                  • Opcode ID: 8b5d587ec6f6b7eed71ba39116b338de031c50ce5c8dd23bba2b14458f06a6e4
                                                                                                                                                                                  • Instruction ID: 3753c8b1c84f1fc6420ec674797cc647f74b11edf69418bb9458f04d33f38890
                                                                                                                                                                                  • Opcode Fuzzy Hash: 8b5d587ec6f6b7eed71ba39116b338de031c50ce5c8dd23bba2b14458f06a6e4
                                                                                                                                                                                  • Instruction Fuzzy Hash: 59412B12A0EBA265FB209B25D405B7E66A0EF80BA4F144235EF5C87AD6DF3CE455C700
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809852036.00007FFB0B581000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFB0B580000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b580000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: _time64
                                                                                                                                                                                  • String ID: %02d%02d%02d%02d%02d%02dZ$%04d%02d%02d%02d%02d%02dZ
                                                                                                                                                                                  • API String ID: 1670930206-2648760357
                                                                                                                                                                                  • Opcode ID: 2a3bc1689ddc0f887af3b9ff0742d7664fa732a47decfc4233859a34b1d629f8
                                                                                                                                                                                  • Instruction ID: 73a1df02f63057cb9ddcfa6037f9678c29cf1fd8c4a1c559c7a917658bea25ab
                                                                                                                                                                                  • Opcode Fuzzy Hash: 2a3bc1689ddc0f887af3b9ff0742d7664fa732a47decfc4233859a34b1d629f8
                                                                                                                                                                                  • Instruction Fuzzy Hash: 90513672A187418AE760CF65E550A6AF7A0FB88740F449135FA8ED7B69DF7CE4448F00
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809852036.00007FFB0B581000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFB0B580000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b580000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: getaddrinfo
                                                                                                                                                                                  • String ID: ..\s\crypto\bio\b_addr.c
                                                                                                                                                                                  • API String ID: 300660673-2547254400
                                                                                                                                                                                  • Opcode ID: a0b5319feac94952a1432a4b762969270d9d630226e0b1293bfa37404cbb0f4b
                                                                                                                                                                                  • Instruction ID: 998c7da449bbb792927ed4b6f97b01f473584be087a4697922149263debf7a09
                                                                                                                                                                                  • Opcode Fuzzy Hash: a0b5319feac94952a1432a4b762969270d9d630226e0b1293bfa37404cbb0f4b
                                                                                                                                                                                  • Instruction Fuzzy Hash: 644195B2A1868287E7549F32E840ABAB750FB85740F508135FB8F87BA5DF7CD4458B40
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • _invalid_parameter_noinfo.LIBCMT ref: 00007FF6AC3B7E9E
                                                                                                                                                                                    • Part of subcall function 00007FF6AC3B9E18: HeapFree.KERNEL32(?,?,?,00007FF6AC3C1E42,?,?,?,00007FF6AC3C1E7F,?,?,00000000,00007FF6AC3C2345,?,?,?,00007FF6AC3C2277), ref: 00007FF6AC3B9E2E
                                                                                                                                                                                    • Part of subcall function 00007FF6AC3B9E18: GetLastError.KERNEL32(?,?,?,00007FF6AC3C1E42,?,?,?,00007FF6AC3C1E7F,?,?,00000000,00007FF6AC3C2345,?,?,?,00007FF6AC3C2277), ref: 00007FF6AC3B9E38
                                                                                                                                                                                  • GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF6AC3AB105), ref: 00007FF6AC3B7EBC
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809564483.00007FF6AC3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AC3A0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6ac3a0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ErrorFileFreeHeapLastModuleName_invalid_parameter_noinfo
                                                                                                                                                                                  • String ID: C:\Users\user\Desktop\cJ6xbAA5Rn.exe
                                                                                                                                                                                  • API String ID: 3580290477-4039994597
                                                                                                                                                                                  • Opcode ID: 7be78eb059dea3495cc358456d23a898a8a026444ba3d0a56d0d7994263981b4
                                                                                                                                                                                  • Instruction ID: 97002b3e0bb38b0797eafeee9f06035fb79a5afd7ff6dd17ff58959d7ad23101
                                                                                                                                                                                  • Opcode Fuzzy Hash: 7be78eb059dea3495cc358456d23a898a8a026444ba3d0a56d0d7994263981b4
                                                                                                                                                                                  • Instruction Fuzzy Hash: BC415032A0AF52C5EB14DF25A4808BC67A4EF46BD4B554035F94E87B86DF3CE891C354
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809564483.00007FF6AC3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AC3A0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6ac3a0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ErrorFileLastWrite
                                                                                                                                                                                  • String ID: U
                                                                                                                                                                                  • API String ID: 442123175-4171548499
                                                                                                                                                                                  • Opcode ID: 4134df34369bde334de186fcdf44a7df93ab1702ff4cc21259579c47d67cfea1
                                                                                                                                                                                  • Instruction ID: 683a88ba4683fc5204997a866fac0905b7f230d0d5f836eac1218a338a141280
                                                                                                                                                                                  • Opcode Fuzzy Hash: 4134df34369bde334de186fcdf44a7df93ab1702ff4cc21259579c47d67cfea1
                                                                                                                                                                                  • Instruction Fuzzy Hash: CA419E32A1AE8186DB60CF65E844BAA77A1FB88794F804031EE8DD7799DF3CD445CB40
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809692579.00007FFB0B4E1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFB0B4E0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b4e0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Strftime_invalid_parameter_noinfo_noreturn
                                                                                                                                                                                  • String ID: !%x
                                                                                                                                                                                  • API String ID: 1195835417-1893981228
                                                                                                                                                                                  • Opcode ID: 475ce4feb2b53e6add6535e716405e09a01bdaf5ad8d93cb3019602a11087002
                                                                                                                                                                                  • Instruction ID: 94d5511270035bb0c13803867914994df7b3b96b02daa6a712b6f216f25a5630
                                                                                                                                                                                  • Opcode Fuzzy Hash: 475ce4feb2b53e6add6535e716405e09a01bdaf5ad8d93cb3019602a11087002
                                                                                                                                                                                  • Instruction Fuzzy Hash: 7D419DA2B08A819EFB108F75D4207EC2771EB58798F408662DE9D57BAAEE38D145C350
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809692579.00007FFB0B4E1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFB0B4E0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b4e0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: _errnoisspace
                                                                                                                                                                                  • String ID: +
                                                                                                                                                                                  • API String ID: 607103254-2126386893
                                                                                                                                                                                  • Opcode ID: ceb648361af4a40464abd6bb96d21510e563132ef184305b88ba731e0678b504
                                                                                                                                                                                  • Instruction ID: f6bcceefc351c07c99695aba3046df962d5b18d67d1140ee75e6294a02bfd38f
                                                                                                                                                                                  • Opcode Fuzzy Hash: ceb648361af4a40464abd6bb96d21510e563132ef184305b88ba731e0678b504
                                                                                                                                                                                  • Instruction Fuzzy Hash: 0621E2A1F0865681FA649B35D410A7C6AD1AB64FD0F5A8035DE6FC37A0DE3CDB828301
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809564483.00007FF6AC3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AC3A0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6ac3a0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: CurrentDirectory
                                                                                                                                                                                  • String ID: :
                                                                                                                                                                                  • API String ID: 1611563598-336475711
                                                                                                                                                                                  • Opcode ID: 8d0047e3d49e2942e9dd2ecd46bdb5543a301835a32119f1e21a6d0f1ab18d67
                                                                                                                                                                                  • Instruction ID: 897cb255fe3c3a4a108063599c35ac927bbb4a1681f1f877b6c946611a91af34
                                                                                                                                                                                  • Opcode Fuzzy Hash: 8d0047e3d49e2942e9dd2ecd46bdb5543a301835a32119f1e21a6d0f1ab18d67
                                                                                                                                                                                  • Instruction Fuzzy Hash: 7321E472A09E9181EB208B15D454A6D73B1FFC8B84F458036D69D87286DF7CE949CB50
                                                                                                                                                                                  APIs
                                                                                                                                                                                    • Part of subcall function 00007FFB0B4F29D4: memset.VCRUNTIME140(?,?,00000000,00007FFB0B4F5826), ref: 00007FFB0B4F2A1A
                                                                                                                                                                                  • std::_Winerror_message.LIBCPMT ref: 00007FFB0B515DAF
                                                                                                                                                                                  • memmove.VCRUNTIME140 ref: 00007FFB0B515DDF
                                                                                                                                                                                    • Part of subcall function 00007FFB0B4E9D18: memmove.VCRUNTIME140(?,?,?,00007FFB0B4ED5CD), ref: 00007FFB0B4E9DD7
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809692579.00007FFB0B4E1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFB0B4E0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b4e0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: memmove$Winerror_messagememsetstd::_
                                                                                                                                                                                  • String ID: unknown error
                                                                                                                                                                                  • API String ID: 301178630-3078798498
                                                                                                                                                                                  • Opcode ID: 98119a2c876a1c59b561851f97c996c2cff6274175daffcd9d743103a7d01bdb
                                                                                                                                                                                  • Instruction ID: 6587bb45e807ce17fe21cbf8ad8495dc658775668d9fc77e6d0ec1ad372145f4
                                                                                                                                                                                  • Opcode Fuzzy Hash: 98119a2c876a1c59b561851f97c996c2cff6274175daffcd9d743103a7d01bdb
                                                                                                                                                                                  • Instruction Fuzzy Hash: 5921E1A2A1868281F7088F34E424A6C2351FB95FC4F54DA70DA2A873FADF7CD1518340
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809852036.00007FFB0B581000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFB0B580000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b580000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ErrorLastgetsockname
                                                                                                                                                                                  • String ID: ..\s\crypto\bio\b_sock.c
                                                                                                                                                                                  • API String ID: 566540725-540685895
                                                                                                                                                                                  • Opcode ID: a7a9d23270d94e37348a85efb9068d8d5f36d2912cc69f144dbe1a5ed76ec5ab
                                                                                                                                                                                  • Instruction ID: 98242d5eb2560efabe20f90730c35036f9b6581b8145106d22aeca0e1e367a7e
                                                                                                                                                                                  • Opcode Fuzzy Hash: a7a9d23270d94e37348a85efb9068d8d5f36d2912cc69f144dbe1a5ed76ec5ab
                                                                                                                                                                                  • Instruction Fuzzy Hash: FE214AF1A1854686E710DF71D814AEAB360FF80354F908135E65E86AF2DF3DE585DB40
                                                                                                                                                                                  APIs
                                                                                                                                                                                    • Part of subcall function 00007FFB0B515920: _lock_locales.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFB0B51592F
                                                                                                                                                                                  • std::invalid_argument::invalid_argument.LIBCONCRT ref: 00007FFB0B4EACBC
                                                                                                                                                                                  • _CxxThrowException.VCRUNTIME140 ref: 00007FFB0B4EACCD
                                                                                                                                                                                    • Part of subcall function 00007FFB0B4F5E20: setlocale.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFB0B4F5DA0
                                                                                                                                                                                    • Part of subcall function 00007FFB0B4F5E20: setlocale.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFB0B4F5DB2
                                                                                                                                                                                    • Part of subcall function 00007FFB0B4F5E20: setlocale.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFB0B4F5E3B
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809692579.00007FFB0B4E1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFB0B4E0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b4e0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: setlocale$ExceptionThrow_lock_localesstd::invalid_argument::invalid_argument
                                                                                                                                                                                  • String ID: bad locale name
                                                                                                                                                                                  • API String ID: 1683849403-1405518554
                                                                                                                                                                                  • Opcode ID: 7c9bcb853565743618b71d0b67f6afb15cda60452226c720ad76d4234984937c
                                                                                                                                                                                  • Instruction ID: 3800281d2243e5c6c72d4ac6aa0a69ce47f7f6272e8bc1c7a7b6830f4372b089
                                                                                                                                                                                  • Opcode Fuzzy Hash: 7c9bcb853565743618b71d0b67f6afb15cda60452226c720ad76d4234984937c
                                                                                                                                                                                  • Instruction Fuzzy Hash: E911C173605B8189C7148F38E88005C77B5FB98FA4B188275DBAD833AAEF34DA51C340
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809564483.00007FF6AC3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AC3A0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6ac3a0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Message$ByteCharMultiWide
                                                                                                                                                                                  • String ID: Fatal error detected
                                                                                                                                                                                  • API String ID: 1878133881-4025702859
                                                                                                                                                                                  • Opcode ID: f7448773671dbda672e22a82cfe80c2e0aa70ed18289780b2b9e604a2b102c49
                                                                                                                                                                                  • Instruction ID: 553991c133697e4bf1168cd2871cc8b938befbc6d4c7ce6913b366b335debb4a
                                                                                                                                                                                  • Opcode Fuzzy Hash: f7448773671dbda672e22a82cfe80c2e0aa70ed18289780b2b9e604a2b102c49
                                                                                                                                                                                  • Instruction Fuzzy Hash: 7521A17262DE8291EB20DB10F451BEA7364FBC4788F804035EA8D97A99CF3DD219CB40
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809564483.00007FF6AC3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AC3A0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6ac3a0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Message$ByteCharMultiWide
                                                                                                                                                                                  • String ID: Error detected
                                                                                                                                                                                  • API String ID: 1878133881-3513342764
                                                                                                                                                                                  • Opcode ID: 412921116a21d042ea7cc01f3b6226aa372ad23cfa1aaecee88db1efd33321aa
                                                                                                                                                                                  • Instruction ID: 99fa69237f99eae1ebe6434d14233532c9d2cc1117d9618dbff8c9b7a82fbca5
                                                                                                                                                                                  • Opcode Fuzzy Hash: 412921116a21d042ea7cc01f3b6226aa372ad23cfa1aaecee88db1efd33321aa
                                                                                                                                                                                  • Instruction Fuzzy Hash: DB21327262DE8291EB209B10F461BEA6364FBC4788F805135EA8D97699DF3DD219CB40
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809852036.00007FFB0B581000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFB0B580000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b580000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 8c6eff884418fc92cc5e26df02b3eed974339047e7975db595e20ff13a8e19e6
                                                                                                                                                                                  • Instruction ID: 873ccc02dce5f7e2b61eb71c57fdad8a8066643e79426903b7dca65ee72ca643
                                                                                                                                                                                  • Opcode Fuzzy Hash: 8c6eff884418fc92cc5e26df02b3eed974339047e7975db595e20ff13a8e19e6
                                                                                                                                                                                  • Instruction Fuzzy Hash: FEC1CAB6708A818AD720CF69E440BAAB791F789BC4F044139EE8ED7B59DF7CD1058B44
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809564483.00007FF6AC3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AC3A0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6ac3a0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ExceptionFileHeaderRaise
                                                                                                                                                                                  • String ID: csm
                                                                                                                                                                                  • API String ID: 2573137834-1018135373
                                                                                                                                                                                  • Opcode ID: a9ac3328ea6075577af066dd04772514ea360050604432a87b0551bd96b2ca6b
                                                                                                                                                                                  • Instruction ID: 7f7cbc2af85e5e03bb0d51724268166e8bdf0c7d7ff24797b1e24655ceeddeba
                                                                                                                                                                                  • Opcode Fuzzy Hash: a9ac3328ea6075577af066dd04772514ea360050604432a87b0551bd96b2ca6b
                                                                                                                                                                                  • Instruction Fuzzy Hash: 6B114C3260AF8182EB218F15F44066DB7A4FB88B94F184230EE8C47768DF3DD565CB00
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809564483.00007FF6AC3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AC3A0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ff6ac3a0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: DriveType_invalid_parameter_noinfo
                                                                                                                                                                                  • String ID: :
                                                                                                                                                                                  • API String ID: 2595371189-336475711
                                                                                                                                                                                  • Opcode ID: f8eec6a66f3a594e824ddea09938586a7cad5545a492e04bdbecb8d953b03adc
                                                                                                                                                                                  • Instruction ID: 36d482e3bec9fe32b32545b9cbd9d6953104a9ebccb8696d4e02d9cfd7bb32e5
                                                                                                                                                                                  • Opcode Fuzzy Hash: f8eec6a66f3a594e824ddea09938586a7cad5545a492e04bdbecb8d953b03adc
                                                                                                                                                                                  • Instruction Fuzzy Hash: 8801F22291DE0386FB31AF20A462ABE73A0EF88708F402435D54DC22A2DF3CE554DA14
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809692579.00007FFB0B4E1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFB0B4E0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b4e0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: __std_exception_copyrand_s
                                                                                                                                                                                  • String ID: invalid random_device value
                                                                                                                                                                                  • API String ID: 979846984-3926945683
                                                                                                                                                                                  • Opcode ID: 1f8ed5a527de385152b09c5ece5034331ea420588227d0af696af0a8ee27bb76
                                                                                                                                                                                  • Instruction ID: ce629c59ba3436a14514822ce81472afb6d07d074e3bdb490b1de9c40e28afac
                                                                                                                                                                                  • Opcode Fuzzy Hash: 1f8ed5a527de385152b09c5ece5034331ea420588227d0af696af0a8ee27bb76
                                                                                                                                                                                  • Instruction Fuzzy Hash: 61F04FA2A18A4581DB049F61E8A08A83370FB98B00F848471E65EC77B2DF3CE5A5C300
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809852036.00007FFB0B581000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFB0B580000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b580000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: _time64
                                                                                                                                                                                  • String ID: !$..\s\crypto\ct\ct_policy.c
                                                                                                                                                                                  • API String ID: 1670930206-3401457818
                                                                                                                                                                                  • Opcode ID: 2469cebdf6127ba6f472849c8a2beef390ac71ce979d8bb48b8be32df35c6107
                                                                                                                                                                                  • Instruction ID: a736a89dea3677d43c0951e5fa1a196832a896f5e990b52c1b0e688c3ab53165
                                                                                                                                                                                  • Opcode Fuzzy Hash: 2469cebdf6127ba6f472849c8a2beef390ac71ce979d8bb48b8be32df35c6107
                                                                                                                                                                                  • Instruction Fuzzy Hash: BDF067B1B16A0686EF059B34D811BAD63A0EF44704F848035EA0E963F2EE3CE656DB40
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809692579.00007FFB0B4E1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFB0B4E0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b4e0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ExceptionThrow__std_exception_copystd::invalid_argument::invalid_argument
                                                                                                                                                                                  • String ID: bad function call
                                                                                                                                                                                  • API String ID: 1180758849-3612616537
                                                                                                                                                                                  • Opcode ID: e7b691aa0131a1abb8dcc5df0449dfc66b02b47a65c773ff1f5cad3373210a14
                                                                                                                                                                                  • Instruction ID: 6e8d3ec1d6f78751e5d6b90f5ed8b95520e7d347e72760f9c647111c669ba23c
                                                                                                                                                                                  • Opcode Fuzzy Hash: e7b691aa0131a1abb8dcc5df0449dfc66b02b47a65c773ff1f5cad3373210a14
                                                                                                                                                                                  • Instruction Fuzzy Hash: 06D0C7A2A1854655DD11E734D4A18A96331BF91344F9081B1D15F865B6DE5CE309C700
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809852036.00007FFB0B581000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFB0B580000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b580000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ErrorLastioctlsocket
                                                                                                                                                                                  • String ID: ..\s\crypto\bio\b_sock.c
                                                                                                                                                                                  • API String ID: 1021210092-540685895
                                                                                                                                                                                  • Opcode ID: 4b3498a1bc9275628b4fed3f0116b26741c55f820a8da06fdf06bba4b20f0e59
                                                                                                                                                                                  • Instruction ID: 8fe70ad78958ecfb00a24668c9a6f1b982c8796758d0f676f6617be704ea38c9
                                                                                                                                                                                  • Opcode Fuzzy Hash: 4b3498a1bc9275628b4fed3f0116b26741c55f820a8da06fdf06bba4b20f0e59
                                                                                                                                                                                  • Instruction Fuzzy Hash: 26E09AE0B19A0387F3156FB0D814FBA6210AF08749F008130E91FC2AF2DF3DA2498B00
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • _W_Getdays.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FFB0B4ED40D
                                                                                                                                                                                    • Part of subcall function 00007FFB0B4EB710: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFB0B4FC445), ref: 00007FFB0B4EB739
                                                                                                                                                                                    • Part of subcall function 00007FFB0B4EB710: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFB0B4FC445), ref: 00007FFB0B4EB768
                                                                                                                                                                                    • Part of subcall function 00007FFB0B4EB710: memmove.VCRUNTIME140(?,?,00000000,00007FFB0B4FC445), ref: 00007FFB0B4EB77F
                                                                                                                                                                                  • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFB0B4ED42A
                                                                                                                                                                                  Strings
                                                                                                                                                                                  • :Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday, xrefs: 00007FFB0B4ED435
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809692579.00007FFB0B4E1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFB0B4E0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b4e0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: free$Getdaysmallocmemmove
                                                                                                                                                                                  • String ID: :Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday
                                                                                                                                                                                  • API String ID: 2126063425-3283725177
                                                                                                                                                                                  • Opcode ID: 35240cb5f5100ad4a6dbdd5295e329d3b5d0df92d6cb6440ee87cb48881eb460
                                                                                                                                                                                  • Instruction ID: 7870146113777a69040fb568b7d05bf27dee97743cf9ecbfb42a0b5fa58bbe91
                                                                                                                                                                                  • Opcode Fuzzy Hash: 35240cb5f5100ad4a6dbdd5295e329d3b5d0df92d6cb6440ee87cb48881eb460
                                                                                                                                                                                  • Instruction Fuzzy Hash: 1AE06D62A14B4292EA158B22F5947686360FF08B90F888134DA0F47B61EF3CE5A48310
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • _W_Getmonths.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FFB0B4ED45D
                                                                                                                                                                                    • Part of subcall function 00007FFB0B4EB710: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFB0B4FC445), ref: 00007FFB0B4EB739
                                                                                                                                                                                    • Part of subcall function 00007FFB0B4EB710: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFB0B4FC445), ref: 00007FFB0B4EB768
                                                                                                                                                                                    • Part of subcall function 00007FFB0B4EB710: memmove.VCRUNTIME140(?,?,00000000,00007FFB0B4FC445), ref: 00007FFB0B4EB77F
                                                                                                                                                                                  • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFB0B4ED47A
                                                                                                                                                                                  Strings
                                                                                                                                                                                  • :Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:Dece, xrefs: 00007FFB0B4ED485
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809692579.00007FFB0B4E1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFB0B4E0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b4e0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: free$Getmonthsmallocmemmove
                                                                                                                                                                                  • String ID: :Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:Dece
                                                                                                                                                                                  • API String ID: 794196016-2030377133
                                                                                                                                                                                  • Opcode ID: c82f8f9ad4e2d2af623f2a64a55ac3353b2c765cd361e64e07e7ab3c08dd46ed
                                                                                                                                                                                  • Instruction ID: fb4d725aa747a178cb40d427f4837a5bbb3630d02f006f3c61b20d5032638a55
                                                                                                                                                                                  • Opcode Fuzzy Hash: c82f8f9ad4e2d2af623f2a64a55ac3353b2c765cd361e64e07e7ab3c08dd46ed
                                                                                                                                                                                  • Instruction Fuzzy Hash: 48E06D62A15B0292EA409B22F5947686360FF08B84F849034DA0F87B61DF3CE5B48300
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • _Getdays.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FFB0B4ECCDD
                                                                                                                                                                                    • Part of subcall function 00007FFB0B4EB690: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFB0B4F84D4), ref: 00007FFB0B4EB6B2
                                                                                                                                                                                    • Part of subcall function 00007FFB0B4EB690: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFB0B4F84D4), ref: 00007FFB0B4EB6D8
                                                                                                                                                                                    • Part of subcall function 00007FFB0B4EB690: memmove.VCRUNTIME140(?,?,?,00007FFB0B4F84D4), ref: 00007FFB0B4EB6F0
                                                                                                                                                                                  • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFB0B4ECCFA
                                                                                                                                                                                  Strings
                                                                                                                                                                                  • :Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday, xrefs: 00007FFB0B4ECD05
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809692579.00007FFB0B4E1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFB0B4E0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b4e0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: free$Getdaysmallocmemmove
                                                                                                                                                                                  • String ID: :Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday
                                                                                                                                                                                  • API String ID: 2126063425-3283725177
                                                                                                                                                                                  • Opcode ID: 4369f42fca7dce3118de04e163d293b9be384bdf3f2632a8f01c906decda58a8
                                                                                                                                                                                  • Instruction ID: a69f663a08a1fb2e6930f38d3ee72366d0fc3fbe8af5b6de9159b3493f0dd142
                                                                                                                                                                                  • Opcode Fuzzy Hash: 4369f42fca7dce3118de04e163d293b9be384bdf3f2632a8f01c906decda58a8
                                                                                                                                                                                  • Instruction Fuzzy Hash: 8FE0E552614B4291DE059B26F5957696361FF44B80F44C474DA1F87765DF3CE5A4C300
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • _Getmonths.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FFB0B4ECD4D
                                                                                                                                                                                    • Part of subcall function 00007FFB0B4EB690: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFB0B4F84D4), ref: 00007FFB0B4EB6B2
                                                                                                                                                                                    • Part of subcall function 00007FFB0B4EB690: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFB0B4F84D4), ref: 00007FFB0B4EB6D8
                                                                                                                                                                                    • Part of subcall function 00007FFB0B4EB690: memmove.VCRUNTIME140(?,?,?,00007FFB0B4F84D4), ref: 00007FFB0B4EB6F0
                                                                                                                                                                                  • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFB0B4ECD6A
                                                                                                                                                                                  Strings
                                                                                                                                                                                  • :Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:December, xrefs: 00007FFB0B4ECD75
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809692579.00007FFB0B4E1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFB0B4E0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b4e0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: free$Getmonthsmallocmemmove
                                                                                                                                                                                  • String ID: :Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:December
                                                                                                                                                                                  • API String ID: 794196016-4232081075
                                                                                                                                                                                  • Opcode ID: db95abb9d15dbef39e6ee0859203eea4f630d3aba3162c7ecd3a84709e9a22e3
                                                                                                                                                                                  • Instruction ID: 251d7cdc5387a1e580095a9f9f051f583ef185db21546eb717483324935ff5f5
                                                                                                                                                                                  • Opcode Fuzzy Hash: db95abb9d15dbef39e6ee0859203eea4f630d3aba3162c7ecd3a84709e9a22e3
                                                                                                                                                                                  • Instruction Fuzzy Hash: B8E0ED62A14B4292EE049B22F59476963B0FF58B80F848075DA1F47766DF3CE6E4C340
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • memchr.VCRUNTIME140(00007FFB0B7BAFEB,00000000,?,00000000,00007FFB0B7BA289), ref: 00007FFB0B7BB1BB
                                                                                                                                                                                  • memchr.VCRUNTIME140(00007FFB0B7BAFEB,00000000,?,00000000,00007FFB0B7BA289), ref: 00007FFB0B7BB203
                                                                                                                                                                                  • memchr.VCRUNTIME140(00007FFB0B7BAFEB,00000000,?,00000000,00007FFB0B7BA289), ref: 00007FFB0B7BB21D
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809852036.00007FFB0B61D000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFB0B580000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b580000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: memchr
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3297308162-0
                                                                                                                                                                                  • Opcode ID: c5e960affa148b692ef3d217ac06fb5c7be25dddca428b8f48f7e9c294a6392b
                                                                                                                                                                                  • Instruction ID: 26a82cba94f20defb5bf086bdf32f9f2d2a6d0a92bba0a664b8dca2c874180ad
                                                                                                                                                                                  • Opcode Fuzzy Hash: c5e960affa148b692ef3d217ac06fb5c7be25dddca428b8f48f7e9c294a6392b
                                                                                                                                                                                  • Instruction Fuzzy Hash: 9A9192A2B0868581EB508B76D494B79A7A1FB89BC4F588035DF4EC3B75CE2CE945CB00
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809852036.00007FFB0B581000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFB0B580000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b580000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: memmove
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2162964266-0
                                                                                                                                                                                  • Opcode ID: f8fc3825456b718fa61beb737ea69a31c942ec99b197afecc34420bc9983a393
                                                                                                                                                                                  • Instruction ID: c0a15cd6e50d3a151b11c86e29f81fb2889df5c3122f6016bd47d2afce115536
                                                                                                                                                                                  • Opcode Fuzzy Hash: f8fc3825456b718fa61beb737ea69a31c942ec99b197afecc34420bc9983a393
                                                                                                                                                                                  • Instruction Fuzzy Hash: 0B1193B2A04A8192D710DF26E5815A97360EB447D0F44C535EB5E97BAAEF28E691C300
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809692579.00007FFB0B4E1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFB0B4E0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b4e0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: free
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1294909896-0
                                                                                                                                                                                  • Opcode ID: 21e29c9922f19bdda75fb578db1eebbd38709f35706a816a21095b56aee0f4f3
                                                                                                                                                                                  • Instruction ID: d6c834c31ea92fb5ac17c4f0b461bd70a3a39e41b0afae196a1e8a81b0d35dfd
                                                                                                                                                                                  • Opcode Fuzzy Hash: 21e29c9922f19bdda75fb578db1eebbd38709f35706a816a21095b56aee0f4f3
                                                                                                                                                                                  • Instruction Fuzzy Hash: 77F0EC66619F0292DB449B25F9A456C7320FB88F90F5480B1DA4E83B72DF3DE4A58300
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809692579.00007FFB0B4E1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFB0B4E0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b4e0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: free
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1294909896-0
                                                                                                                                                                                  • Opcode ID: 1505eafe45e457f4db7c5ee298ec8fe61a246f9253c397c6ee0353011936a2de
                                                                                                                                                                                  • Instruction ID: b58cd454c80b85cc8259be60004c85ae4184918383f87dfd8ea1dece7a6ef456
                                                                                                                                                                                  • Opcode Fuzzy Hash: 1505eafe45e457f4db7c5ee298ec8fe61a246f9253c397c6ee0353011936a2de
                                                                                                                                                                                  • Instruction Fuzzy Hash: FDF0EC66619F0292DB449B25F9A457C7360FB88F81F548071DA4E83B72DF2DE4A58300
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2809692579.00007FFB0B4E1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFB0B4E0000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffb0b4e0000_cJ6xbAA5Rn.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: free
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1294909896-0
                                                                                                                                                                                  • Opcode ID: 2301427b651c3a47193e5a8d6ad951242187ad620a5bd31deb8cfb3ac87ac41d
                                                                                                                                                                                  • Instruction ID: 9f82a527b7b9cdf2c39ce1039db5456206f474159a6f4ed1b52da643cdd5ddca
                                                                                                                                                                                  • Opcode Fuzzy Hash: 2301427b651c3a47193e5a8d6ad951242187ad620a5bd31deb8cfb3ac87ac41d
                                                                                                                                                                                  • Instruction Fuzzy Hash: 61F0EC66619F0292EB449B25F9A456C7320FB88F80F548071DA4E83B72DF2DE4A58300